EUVD-2026-17292
GHSA-3x2w-63fp-3qvw
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
4Tags
Description
SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot (..) in the scope claim of a token to escape the intended directory restriction. This occurs because the library normalizes both the authorized path (from the token) and the requested path (from the application) before comparing them using startswith. This issue has been patched in version 1.9.7.
Analysis
Path traversal in SciTokens library (all versions before 1.9.7) allows authenticated attackers to bypass directory access restrictions and access unauthorized files. Attackers can inject dot-dot-slash sequences (..) into JWT scope claims to escape intended authorization boundaries due to improper path normalization during enforcement checks. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all applications and systems using SciTokens library and document current versions. Within 7 days: Contact SciTokens maintainers for patch availability timeline and evaluate whether workarounds can be implemented to restrict JWT scope claim inputs. …
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today