PatchSiren cyber security CVE debrief
CVE-2026-49454 szTheory CVE debrief
The Relyra SAML 2.0 Service Provider library for Elixir and Phoenix, versions 1.0.0 and 1.1.0, contains a critical vulnerability (CVE-2026-49454) that allows forged SAML signatures to bypass authentication. This issue arises from an incomplete XMLDSig trust boundary, where the library fails to cryptographically verify the SignatureValue before returning a successful authentication result. Specifically, the library does not perform :public_key.verify over the exclusive-C14N canonicalized SignedInfo against the configured IdP certificate's public key, does not recompute DigestValue over the canonicalized referenced element, and has an unused passthrough in the signature-verification path. This vulnerability, rated with a CVSS score of 9.1, could enable attackers to forge a SignatureValue with an attacker-controlled NameID, potentially leading to unauthorized access. The issue has been addressed in version 1.2.0 of the library.
- Vendor: szTheory
- Product: relyra
- CVSS: CRITICAL 9.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-18
- Original CVE updated: 2026-06-22
- Advisory published: 2026-06-18
- Advisory updated: 2026-06-22
Who should care
Organizations running Relyra versions 1.0.0 or 1.1.0 for SAML 2.0 authentication are affected by this vulnerability. This includes any entity that relies on Relyra as the service-provider side of its SAML login flow, particularly in environments where SAML-based authentication is critical for security and compliance.
Technical summary
The vulnerability in Relyra (CVE-2026-49454) stems from improper verification of SAML signatures. The library incorrectly handles the verification process by not validating the SignatureValue cryptographically before accepting an authentication result. This oversight in the XMLDSig trust boundary allows for the acceptance of forged signatures, potentially enabling attackers to bypass authentication mechanisms. The fix involves updating to version 1.2.0, which properly verifies SAML signatures.
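The two checks the advisory says were missing, side by side with the shape of the passthrough, as an added example that is not Relyra's code. It assumes the exclusive-C14N canonical bytes of SignedInfo and of the referenced Assertion are produced by a C14N step upstream, and that the IdP public key is the `{:RSAPublicKey, modulus, exponent}` record already extracted from the configured certificate; `SamlSigCheck`, its function names and the demo inputs are constructed for illustration.

```elixir
defmodule SamlSigCheck do
  # Added example, not Relyra's code. Inputs are assumed to already be the
  # exclusive-C14N canonical bytes of <SignedInfo> and of the referenced
  # <Assertion>; idp_pub is the {:RSAPublicKey, n, e} record of the configured IdP cert.

  # Shape of the flaw in 1.0.0/1.1.0: SignatureValue and the IdP key are never used,
  # so any well-formed response is accepted as authenticated.
  def verify_vulnerable(_canon_signed_info, _sig_b64, _digest_b64, _canon_ref, _idp_pub),
    do: {:ok, :authenticated}

  # Hardened check: recompute DigestValue over the canonical referenced element,
  # then verify SignatureValue over the canonical SignedInfo with the IdP public key.
  def verify(canon_signed_info, sig_b64, digest_b64, canon_ref, idp_pub) do
    with {:ok, sig} <- Base.decode64(sig_b64),
         {:ok, expected_digest} <- Base.decode64(digest_b64),
         true <- :crypto.hash(:sha256, canon_ref) == expected_digest || :digest_mismatch,
         true <- :public_key.verify(canon_signed_info, :sha256, sig, idp_pub) || :bad_signature do
      {:ok, :authenticated}
    else
      :error -> {:error, :bad_base64}
      reason when is_atom(reason) -> {:error, reason}
    end
  end

  # Constructed demo: a throwaway IdP key, a genuinely signed response, and the same
  # response with a substituted NameID and a random SignatureValue.
  def demo do
    priv = :public_key.generate_key({:rsa, 2048, 65537})
    idp_pub = {:RSAPublicKey, elem(priv, 2), elem(priv, 3)}

    assertion = ~s(<saml:Assertion><saml:NameID>alice@example.com</saml:NameID></saml:Assertion>)
    digest_b64 = Base.encode64(:crypto.hash(:sha256, assertion))
    signed_info = ~s(<ds:SignedInfo><ds:Reference><ds:DigestValue>#{digest_b64}</ds:DigestValue></ds:Reference></ds:SignedInfo>)
    sig_b64 = Base.encode64(:public_key.sign(signed_info, :sha256, priv))

    forged_assertion = String.replace(assertion, "alice@example.com", "admin@example.com")
    forged_digest_b64 = Base.encode64(:crypto.hash(:sha256, forged_assertion))
    forged_signed_info = String.replace(signed_info, digest_b64, forged_digest_b64)
    forged_sig_b64 = Base.encode64(:crypto.strong_rand_bytes(256))

    %{
      genuine: verify(signed_info, sig_b64, digest_b64, assertion, idp_pub),
      forged_vulnerable: verify_vulnerable(forged_signed_info, forged_sig_b64, forged_digest_b64, forged_assertion, idp_pub),
      forged_hardened: verify(forged_signed_info, forged_sig_b64, forged_digest_b64, forged_assertion, idp_pub)
    }
  end
end
```

Running `SamlSigCheck.demo()` returns `{:ok, :authenticated}` for the genuine response under both functions, while the forged response is accepted by `verify_vulnerable/5` and rejected by `verify/5` with `{:error, :bad_signature}`.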
Defensive priority
High
Recommended defensive actions
- Update Relyra to version 1.2.0 or later to ensure proper SAML signature verification.
- Review and update authentication configurations to ensure secure practices.
- Monitor authentication logs for any suspicious activity.
- Implement additional security measures, such as multi-factor authentication, where possible.
- Regularly review and update dependencies to mitigate known vulnerabilities.
Evidence notes
The information provided is based on the CVE record and NVD details for CVE-2026-49454. The vulnerability exists in Relyra versions 1.0.0 and 1.1.0, with a fix available in version 1.2.0. The CVSS score of 9.1 indicates a critical vulnerability.
Official resources
CVE-2026-49454 was published and modified on 2026-06-18T21:16:29.920Z.