Xml Security

1 CVEs product

CVE-2026-32600 HIGH PATCH This Week

Critical authentication bypass vulnerability in the simplesamlphp/xml-security library (versions before 2.3.1) that affects XML encryption using AES-GCM modes. Attackers can exploit missing authentication tag validation to brute-force decryption keys, decrypt sensitive XML data, and forge arbitrary ciphertexts without knowing encryption keys. No active exploitation detected (not in KEV), but the high CVSS score (8.2) and network-based attack vector make this a priority for organizations using affected SAML/XML security implementations.

Information Disclosure Xml Security
NVD GitHub VulDB
CVSS 3.1: 8.2
EPSS: 0.0%
