Skip to main content

Xml Security

2 CVEs product

Monthly

CVE-2026-32600 PHP HIGH PATCH This Week

Critical authentication bypass vulnerability in the simplesamlphp/xml-security library (versions before 2.3.1) that affects XML encryption using AES-GCM modes. Attackers can exploit missing authentication tag validation to brute-force decryption keys, decrypt sensitive XML data, and forge arbitrary ciphertexts without knowing encryption keys. No active exploitation detected (not in KEV), but the high CVSS score (8.2) and network-based attack vector make this a priority for organizations using affected SAML/XML security implementations.

Information Disclosure Xml Security
NVD GitHub VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2023-49087 PHP HIGH POC PATCH This Week

xml-security is a library that implements XML signatures and encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Saml2 Xml Security
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Critical authentication bypass vulnerability in the simplesamlphp/xml-security library (versions before 2.3.1) that affects XML encryption using AES-GCM modes. Attackers can exploit missing authentication tag validation to brute-force decryption keys, decrypt sensitive XML data, and forge arbitrary ciphertexts without knowing encryption keys. No active exploitation detected (not in KEV), but the high CVSS score (8.2) and network-based attack vector make this a priority for organizations using affected SAML/XML security implementations.

Information Disclosure Xml Security
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

xml-security is a library that implements XML signatures and encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Saml2 Xml Security
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy