PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-5343 Drupal CVE debrief

A privilege escalation vulnerability exists in the Drupal SAML SSO - Service Provider module. The flaw is an improper check for unusual or exceptional conditions (CWE-754) in the module's SAML authentication handling, which an attacker can use to obtain privileges beyond those the identity provider intended to grant. All releases before 3.1.4 are affected (recorded in the advisory as 0.0.0 through 3.1.3); version 3.1.4 contains the fix. The vulnerability was disclosed via official Drupal security advisory SA-CONTRIB-2026-031 on 2026-05-28. No known exploitation in ransomware campaigns has been reported, and the issue has not been added to CISA's Known Exploited Vulnerabilities catalog.

Vendor
Drupal
Product
SAML SSO - Service Provider
CVSS
HIGH 7.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-28
Original CVE updated
2026-05-29
Advisory published
2026-05-28
Advisory updated
2026-05-29

Who should care

Organizations running Drupal with SAML SSO - Service Provider module versions prior to 3.1.4, particularly those using SAML-based federated authentication for administrative or privileged user access. Security teams responsible for identity and access management infrastructure, Drupal site administrators, and compliance officers monitoring authentication control effectiveness.

Technical summary

The SAML SSO - Service Provider module for Drupal fails to properly validate exceptional conditions during SAML authentication processing. Because this code path is where an identity provider's assertion is turned into a Drupal session and role set, an improper check (CWE-754) there can let an authenticated user end up with privileges beyond those intended. The vulnerability affects every version from the initial release (0.0.0) through 3.1.3; version 3.1.4 adds the missing validation of edge cases and exceptional conditions in the SAML assertion handling workflow. Organizations using this module for federated authentication should prioritize patching: the flaw sits directly on an access control boundary, and the advisory does not describe a configuration-only mitigation.

Defensive priority

high

Recommended defensive actions

  • Upgrade Drupal SAML SSO - Service Provider module to version 3.1.4 or later
  • Review user privilege assignments for unexpected administrative access
  • Monitor authentication logs for anomalous SAML assertion processing
  • Apply principle of least privilege to SAML-authenticated accounts
  • Verify SAML identity provider configuration integrity
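The first two actions above (confirm the installed module version is 3.1.4 or later, then look for administrative access that nobody approved) are the ones a practitioner can script. The following Python is an added example written for this debrief, not code from Drupal or from the SAML SSO - Service Provider module. It assumes the version string comes from the module's info.yml or composer.lock (Drupal contrib versions may carry a core-compat prefix such as "8.x-" and pre-release tags such as "-dev"), and the account records are a constructed sample of what an export of a site's users and roles might look like; the role name "administrator" and the baseline of approved admins are likewise assumptions to be replaced with the site's own.

```python
"""Post-advisory checks for SA-CONTRIB-2026-031 (added example, not module code)."""
import re

# First fixed release according to SA-CONTRIB-2026-031.
FIXED_VERSION = (3, 1, 4)

# Accepts "3.1.3", "8.x-3.1.3", "3.1.4-dev", "3.2.0-beta1". Anything else is rejected.
_VERSION_RE = re.compile(
    r"^(?:\d+\.x-)?"              # optional Drupal core-compat prefix, e.g. "8.x-"
    r"(\d+)\.(\d+)(?:\.(\d+))?"   # major.minor[.patch]
    r"(?:-([A-Za-z]+)\d*)?$"      # optional pre-release tag: -dev, -alpha1, -beta2, -rc1
)


def parse_version(raw):
    """Return (major, minor, patch, is_prerelease) or None if the string is unparsable."""
    m = _VERSION_RE.match(raw.strip())
    if not m:
        return None
    major, minor, patch, tag = m.groups()
    return (int(major), int(minor), int(patch or 0), tag is not None)


def is_affected(raw):
    """True when the installed module version is below 3.1.4.

    Unparsable strings are treated as affected (fail closed) so that a custom
    or mangled version label never silently passes the check.
    """
    parsed = parse_version(raw)
    if parsed is None:
        return True
    major, minor, patch, prerelease = parsed
    triple = (major, minor, patch)
    if triple < FIXED_VERSION:
        return True
    # A pre-release snapshot of 3.1.4 itself may predate the fix commit;
    # do not assume it carries the patch.
    if triple == FIXED_VERSION and prerelease:
        return True
    return False


def unexpected_admins(accounts, approved, admin_roles=("administrator",)):
    """Return names of accounts holding an admin role that are not in the approved set."""
    hits = []
    for acct in accounts:
        if set(acct["roles"]) & set(admin_roles) and acct["name"] not in approved:
            hits.append(acct["name"])
    return sorted(hits)


# Constructed sample data (assumption): the shape a users/roles export might take.
SAMPLE_ACCOUNTS = [
    {"uid": 1, "name": "site_owner", "roles": ["administrator"]},
    {"uid": 17, "name": "j.doe", "roles": ["editor"]},
    {"uid": 42, "name": "svc-saml-test", "roles": ["authenticated", "administrator"]},
]
APPROVED_ADMINS = {"site_owner"}  # assumption: the site's documented admin baseline


if __name__ == "__main__":
    for label in ("8.x-3.1.3", "3.1.4", "3.1.4-dev", "3.2.0"):
        print(f"{label:>10}: {'AFFECTED' if is_affected(label) else 'fixed'}")
    print("unapproved admins:", unexpected_admins(SAMPLE_ACCOUNTS, APPROVED_ADMINS))
```

Run the version check against every environment that carries the module, not just production: a staging site federated to the same identity provider is reachable with the same assertions. The admin review compares against an approved baseline rather than just listing administrators, because on a site where the escalation may already have been used, the interesting accounts are the ones that were not there before.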

Evidence notes

Official CVE record published 2026-05-28. Drupal security advisory SA-CONTRIB-2026-031 confirms the affected versions and the fix version. The CWE-754 classification was provided by NVD. No CVSS score or severity had been assigned at the time of the original publication; the HIGH 7.4 listed above is the value held in the stored record after the 2026-05-29 update.

Official resources

2026-05-28