CRITICAL
szTheory
CVE published 2026-06-18
CVE-2026-49454
The Relyra SAML 2.0 Service Provider library for Elixir and Phoenix, versions 1.0.0 and 1.1.0, contains a critical vulnerability (CVE-2026-49454) that allows forged SAML signatures to bypass authentication. This issue arises from an incomplete XMLDSig trust boundary, where the library fails to cryptographically verify the SignatureValue before returning a successful authentication result. Specifically, th [truncated]
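The check the description says was missing, as an added example that is not Relyra's code: a verifier returns success only after both the Reference digest and the SignatureValue validate against the IdP key pinned in SP configuration. The module, function and field names are hypothetical, the inputs are constructed, and XML canonicalization is assumed to have already been done.

```elixir
defmodule XmldsigCheckExample do
  # Hypothetical module for illustration; none of these names are Relyra's API.
  # Inputs are treated as already-canonicalized bytes (C14N is out of scope).

  # Constructed stand-in for a <SignedInfo> element carrying the Reference digest.
  def signed_info(assertion) do
    digest = Base.encode64(:crypto.hash(:sha256, assertion))
    "<SignedInfo><DigestValue>" <> digest <> "</DigestValue></SignedInfo>"
  end

  # Returns :ok only when BOTH checks pass:
  #   1. reference validation: the digest inside SignedInfo matches the assertion
  #   2. signature validation: SignatureValue verifies over SignedInfo with the
  #      IdP public key pinned in SP configuration (never a key from the message)
  def verify(%{assertion: a, signed_info: si, signature_value: sv}, idp_public_key) do
    with {:ok, sig} <- Base.decode64(sv),
         true <- (si == signed_info(a)),
         true <- :public_key.verify(si, :sha256, sig, idp_public_key) do
      :ok
    else
      _ -> {:error, :invalid_signature}
    end
  end

  # Constructed demo: throwaway keys, one genuine response, two that must fail.
  def demo do
    idp = :public_key.generate_key({:rsa, 2048, 65_537})
    other = :public_key.generate_key({:rsa, 2048, 65_537})
    idp_pub = {:RSAPublicKey, elem(idp, 2), elem(idp, 3)}
    assertion = "<Assertion><NameID>alice@example.test</NameID></Assertion>"
    si = signed_info(assertion)
    good = %{assertion: assertion, signed_info: si,
             signature_value: Base.encode64(:public_key.sign(si, :sha256, idp))}

    # Digest is self-consistent, but SignatureValue was not produced by the IdP key.
    wrong_key = %{good | signature_value: Base.encode64(:public_key.sign(si, :sha256, other))}
    # Assertion changed after signing, so the Reference digest no longer matches.
    tampered = %{good | assertion: String.replace(assertion, "alice", "admin")}

    [genuine: verify(good, idp_pub), wrong_key: verify(wrong_key, idp_pub),
     tampered_assertion: verify(tampered, idp_pub)]
  end
end

IO.inspect(XmldsigCheckExample.demo())
```

A regression test for a SAML Service Provider should include the `wrong_key` case: a response whose digest is internally consistent but whose SignatureValue does not verify must never reach the success path.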