By vendor

Miniorange vulnerabilities

Known CVEs affecting Miniorange products, prioritized by severity, with SEC.co remediation and detection guidance.

1 published vulnerability

  • CVE-2026-5343HIGH 7.4

    A privilege escalation vulnerability exists in miniOrange's SAML SSO Service Provider module for Drupal. The vulnerability stems from improper validation of exceptional conditions during SAML authentication. An unauthenticated attacker can craft specific SAML responses that bypass security checks, allowing them to escalate privileges within the Drupal application. The flaw affects all versions before 3.1.4, making it a significant risk for any Drupal installation relying on this SSO module for authentication.