PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-54714 logto-io CVE debrief

CVE-2026-54714 is a reflected cross-site scripting (XSS) vulnerability in the Logto open-source auth infrastructure for SaaS and AI apps. The vulnerability exists in the SAML application flow, specifically in the @logto/core package. An attacker could inject script into the Logto tenant origin after a user completes login by crafting a RelayState value in the GET or POST /api/saml/:id/authn request. The issue was fixed in version 1.41.0. Users should review their SAML application flows for potential vulnerabilities and ensure proper input validation and output encoding.

Vendor
logto-io
Product
logto
CVSS
MEDIUM 6.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

Users of Logto open-source auth infrastructure for SaaS and AI apps, particularly those using SAML for authentication, should be aware of this vulnerability. The vulnerability has a CVSS score of 6.1, indicating a medium severity level. Affected operators, platform administrators, vulnerability management teams, and security teams should prioritize updating Logto to version 1.41.0 or later.

Technical summary

The vulnerability exists in the utils.ts file of the SamlApplication in @logto/core. The code reflects the SAML RelayState, SAMLResponse, and actionUrl into a Logto-origin auto-submit HTML form without proper HTML-attribute escaping. This allows an attacker to inject malicious script into the Logto tenant origin after a user completes login. The issue was fixed in version 1.41.0. Affected operators, platform administrators, vulnerability management teams, and security teams should prioritize updating Logto to version 1.41.0 or later and review their SAML application flows for potential vulnerabilities.

Defensive priority

Medium priority should be given to updating Logto to version 1.41.0 or later. Users should also review their SAML application flows for potential vulnerabilities and ensure proper input validation and output encoding. Monitoring for suspicious activity in Logto tenant origins is also recommended. Additionally, consider implementing compensating controls for exposed systems while remediation is scheduled and verified. Asset inventory and rollback/change windows should be reviewed as part of the remediation process. Source tracking and exposure review are also essential steps in addressing this vulnerability. Lastly, ensure that relevant monitoring, detection, and logs are checked for exposed assets that need extra review. Exceptions should be tracked, and remediated assets should be retested before closing the item, with evidence documented accordingly. Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up. Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance. Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed. Check relevant monitoring, detection, and logs for exposed assets that need extra review. Track exceptions, retest remediated assets, and close the item only after evidence is documented. Review compensating controls for exposed systems while remediation is scheduled and verified. Ensure proper input validation and output encoding. Monitor for suspicious activity in Logto tenant origins. Consider implementing asset inventory and rollback/change windows as part of the remediation process. Source tracking and exposure review are also essential steps in addressing this vulnerability. Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up. Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance. Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed. Check relevant monitoring, detection, and logs for exposed assets that need extra review. Track

Recommended defensive actions

  • Update Logto to version 1.41.0 or later
  • Review SAML application flows for potential vulnerabilities
  • Ensure proper input validation and output encoding
  • Monitor for suspicious activity in Logto tenant origins
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed

Evidence notes

The CVE record was published on 2026-07-10T20:16:46.173Z and has not been modified since then. The NVD entry is currently in the 'Received' status. The Logto open-source auth infrastructure for SaaS and AI apps has a reflected cross-site scripting (XSS) vulnerability. The vulnerability exists in the SAML application flow, specifically in the @logto/core package. The CVE record does not provide additional information on exploitation or affected systems.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T20:16:46.173Z and has not been modified since then. The NVD entry is currently in the 'Received' status.