CVE-2026-46490: samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions
samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text (e.g., <saml:AttributeValue>) are not escaped. A normal user can inject XML markup into an attribute value (e.g., email, name) and add new <saml:Attribute> elements inside the signed assertion. The IdP then signs the tampered assertion and the SP accepts the injected attributes as trusted. This allows privilege escalation when attributes are used for authorization (roles/groups). This issue has been patched in version 2.13.0.
Metrics
- CVSS v4.0: 8.7
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
XML injection in samlify, a Node.js SAML single sign-on library, allows an authenticated user to embed raw XML markup inside a SAML AttributeValue element. Because samlify does not escape text-node content before the IdP signs the assertion, an attacker can insert additional saml:Attribute elements into the signed payload; the SP then accepts the injected attributes as legitimately signed. Successful exploitation gives the attacker arbitrary role or group membership inside any service provider that uses samlify attributes for authorization. HarborGuard tracks this advisory and will make a patched-image rebuild available the moment an upstream fix version is published.
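As an added illustration, not samlify's own code, the following minimal IdP-side template renderer reproduces the defect class the advisory describes (escaping applied only to attribute contexts) beside a context-aware fix; the template, function names and the constructed user value are assumptions.

```javascript
// Added example (not samlify's code). Minimal template substitution modeled
// on the defect class in the advisory: one placeholder lands in a quoted
// attribute, the other in element text, and each context needs its own escaping.
const ATTR_TEMPLATE =
  '<saml:Attribute Name="{name}">' +
  '<saml:AttributeValue>{value}</saml:AttributeValue>' +
  '</saml:Attribute>';

// Escaping for a double-quoted attribute value context.
function escapeAttr(s) {
  return String(s).replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;');
}

// Escaping for a text-node context: markup characters become entities.
function escapeText(s) {
  return String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Vulnerable pattern: the attribute-context placeholder is escaped, but the
// text-node placeholder is substituted raw, so user data can close and open elements.
function renderAttributeVulnerable(name, value) {
  return ATTR_TEMPLATE
    .replace('{name}', () => escapeAttr(name))
    .replace('{value}', () => String(value));
}

// Hardened pattern: every placeholder is escaped for the context it is inserted into.
function renderAttributeFixed(name, value) {
  return ATTR_TEMPLATE
    .replace('{name}', () => escapeAttr(name))
    .replace('{value}', () => escapeText(value));
}

// Count <saml:Attribute ...> start tags, i.e. how many attributes an SP parser would see.
function countAttributeElements(xml) {
  return (xml.match(/<saml:Attribute\s/g) || []).length;
}

// Constructed sample: a display name carrying markup, as a low-trust user could
// submit through a self-service profile field. Kept as data only for the demo.
const INJECTED_VALUE =
  'Alice</saml:AttributeValue></saml:Attribute>' +
  '<saml:Attribute Name="role"><saml:AttributeValue>admin';

// The vulnerable renderer yields two attributes (displayName and an injected role);
// the fixed renderer yields one, with the markup preserved as literal text.
const vulnerableCount = countAttributeElements(renderAttributeVulnerable('displayName', INJECTED_VALUE));
const fixedCount = countAttributeElements(renderAttributeFixed('displayName', INJECTED_VALUE));
```

Because the IdP signs whatever the renderer produced, the SP-side signature check cannot distinguish the injected attribute from a legitimate one; only context-correct escaping before signing (or an SP-side allow-list of expected attribute names) closes the gap.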
HarborGuard Coverage
- [Available] Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built Node.js images that bundle samlify. Any image containing a vulnerable version of the library is flagged automatically.
- [Available] HarborGuard scores this CVE at CVSS 8.7 (HIGH) using the upstream v4.0 vector and weights findings against each customer environment's compliance policy to determine escalation priority. Findings are routed to the appropriate team inbox within each customer organization based on configured ownership rules.
- [Pending upstream] Because no fix version has been published upstream, HarborGuard re-checks the samlify advisory on every ingest cycle and will make a patched-image rebuild available immediately once version 2.13.0 or a later upstream release appears. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be triggered automatically at that point.
Exploit Conditions
- Network reachability: Required
  The attacker must reach the SAML authentication endpoint over the network; the library is exposed to any client that can submit a SAML response.
- Authentication: Not required
  No privileged account is needed; a normal, low-trust user account is sufficient to craft and submit the malicious assertion.
- Victim interaction: Not required
  No victim action is required; the attacker submits the crafted SAML response directly to the service provider.
- Attack complexity
  Exploit conditions are straightforward and reliable: no race conditions, memory layout dependencies, or special environmental factors are required to inject the XML markup.
Blast Radius
- The attacker writes arbitrary role and group attributes into the signed SAML assertion, gaining access to application functionality gated behind those roles.
- Any service provider that trusts samlify-validated attributes for authorization decisions accepts the injected claims as legitimate, so the compromise extends to every SP in the federation that shares the same IdP.
- Confidentiality of existing data is not directly affected by this vector; the impact is limited to integrity of the authorization state for the attacker's session.
How HarborGuard Handles This
Available on HarborGuard: this CVE is matched against images in customer registries and CI pipelines as soon as the advisory is ingested. Because no upstream fix has been released yet, HarborGuard monitors the samlify advisory on every ingest cycle and will trigger a patched-image rebuild the moment a fix version is published upstream. For customers with auto-remediation enabled, that rebuild will automatically include a regression test run and a PR opened against affected workloads. In the interim, compensating controls worth considering include network-policy rules that restrict which clients can submit SAML responses to your service providers, strict allow-listing of expected attribute names at the SP application layer before using them in authorization decisions, and disabling any role-promotion paths that rely solely on samlify-parsed attributes until a patched image is available.
- tngan / samlify: < 2.13.0
CVSS v4.0 vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N