HIGH 8.8

CVE-2026-46490: XML Injection in samlify SAML Library Enables Privilege Escalation

A flaw in samlify, a Node.js SAML authentication library, allows attackers to inject malicious XML into SAML assertions. When user attributes (like email or display name) are processed during single sign-on, an attacker can add fake authorization attributes that get signed by the identity provider and trusted by the service provider. This can lead to privilege escalation if the application relies on SAML attributes for access control decisions.

Source data · NVD / CISA · public domain

CVSS
3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weaknesses (CWE)
CWE-91
Affected products
1 configuration(s)
Published / Modified
2026-06-08 / 2026-06-17

NVD description (verbatim)

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text (e.g., <saml:AttributeValue>) are not escaped. A normal user can inject XML markup into an attribute value (e.g., email, name) and add new <saml:Attribute> elements inside the signed assertion. The IdP then signs the tampered assertion and the SP accepts the injected attributes as trusted. This allows privilege escalation when attributes are used for authorization (roles/groups). This issue has been patched in version 2.13.0.

2 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-46490 is an XML injection vulnerability in samlify versions prior to 2.13.0. The library's template substitution logic escapes values only in attribute contexts but fails to escape values inserted into element text nodes. An authenticated attacker can inject XML markup into SAML attribute values (such as email or name fields) to create new <saml:Attribute> elements within the signed assertion. Because the assertion is cryptographically signed by the identity provider, the service provider treats the injected attributes as authentic. This bypasses trust boundaries when attributes are used for authorization decisions.

Business impact

Organizations deploying samlify for federated authentication face a critical insider threat vector. Authenticated users—including contractors, ex-employees with lingering access, or compromised accounts—can escalate their privileges by injecting role or group attributes into their own SAML assertions. If applications use SAML attributes to gate access to sensitive features, data, or administrative functions, attackers can gain unauthorized access without needing to compromise the identity provider itself. This is particularly severe in multi-tenant or cloud environments where attribute-based access control is a key security boundary.

Affected systems

samlify versions below 2.13.0 are vulnerable. This includes all applications and platforms that integrate samlify as a dependency for SAML service provider functionality. The vulnerability requires the attacker to have valid credentials to initiate authentication, limiting exposure to users with existing accounts. Applications using samlify with role-based or attribute-based authorization are at highest risk.

Exploitability

Exploitability is high in practical scenarios. The attack requires the attacker to be an authenticated user (PR:L), but no user interaction is needed after authentication (UI:N). The vulnerability is network-accessible (AV:N) and does not require special conditions (AC:L). An attacker with any valid login can craft a malicious attribute value during authentication and achieve privilege escalation. No authentication bypass is required—the exploit leverages existing trust in the SAML signing process.

Remediation

Upgrade samlify to version 2.13.0 or later. This version implements proper output encoding for all template substitution contexts, including element text nodes. Organizations should inventory all applications and services using samlify as a direct or transitive dependency and prioritize patching in environments where SAML attributes drive authorization decisions. Verify the patch by checking release notes and confirming the version constraint in package-lock.json or equivalent dependency manifests.

Patch guidance

Apply version 2.13.0 as the minimum safe version. Update your package.json dependency constraint for samlify to >=2.13.0. Run npm audit after updating to confirm no other vulnerabilities are introduced. Test federated authentication flows in a staging environment to verify that legitimate SAML assertions are still processed correctly after the upgrade. For applications with pinned versions, carefully update to 2.13.0 and validate against your SAML IdP and any custom assertion handling.

Detection guidance

Monitor authentication logs for unusual or malformed SAML assertions being processed by samlify instances. Look for attribute values containing XML special characters or markup (<, >, &) in fields that should contain plain text (email, name, etc.). Analyze SAML assertions logged by the service provider for unexpected attributes that do not originate from your identity provider configuration. Implement runtime validation of SAML attributes—reject any attribute structure that deviates from the IdP schema, particularly for authorization-critical attributes. Use SAML profiling or inspection tools to baseline normal assertion structure and alert on deviations.

Why prioritize this

This vulnerability merits immediate attention due to its CVSS score of 8.8 (HIGH), combined with practical exploitability by any authenticated user and direct impact on authorization. Unlike vulnerabilities requiring advanced attack chains, this flaw can be exploited with standard SAML tooling and basic XML knowledge. The attack surface includes all users with valid credentials, and the impact—privilege escalation via attribute injection—directly undermines access control. Organizations relying on SAML for multi-tenant or role-based security boundaries should treat this as a critical patch.

Risk score, explained

The CVSS 3.1 score of 8.8 reflects high confidentiality, integrity, and availability impact (C:H, I:H, A:H) combined with low attack complexity and no required user interaction. The requirement for prior authentication (PR:L) prevents remote anonymous exploitation but does not reduce the score significantly, as any user can be an attacker. The unchanged scope (S:U) indicates the impact is limited to the vulnerable service, though in practice the blast radius depends on what the application does with trusted attributes. The score accurately represents the severity in typical SAML deployments.

Frequently asked questions

Can this vulnerability be exploited without authentication?

No. The attacker must have valid credentials to initiate SAML authentication. However, this is a low bar—it includes any user with a legitimate account, making the threat realistic in organizations with many users or contractor accounts.

Does patching samlify automatically prevent privilege escalation on existing applications?

Patching prevents new attacks going forward. Applications must also audit their authorization logic to ensure they do not blindly trust SAML attributes for sensitive decisions. Additional validation, such as checking attributes against a trusted directory or scoping them to allowed values, provides defense in depth.

How do I know if my application is vulnerable?

Check your package.json and lock files for samlify versions below 2.13.0. Run npm list samlify to see the installed version. If you see a version lower than 2.13.0, your application is vulnerable and should be patched immediately.

What is the relationship between samlify and other SAML libraries?

samlify is a standalone Node.js library for SAML SSO. It is distinct from other SAML libraries like node-saml, passport-saml, or enterprise solutions. Vulnerability fixes in samlify do not affect other libraries, so you should patch each SAML dependency independently based on its own advisory.

This analysis is based on the CVE record and vendor advisory as of the publication date. Organizations should consult the official samlify release notes and their own SAML infrastructure documentation before implementing patches. The vulnerability assessment assumes standard SAML deployment patterns; custom implementations or assertion handling logic may introduce additional risk or mitigation. This explainer does not constitute security advice; engage your security team and vendor support for guidance specific to your environment. Source: NVD (public-domain), retrieved 2026-07-16. Analysis generated by SEC.co (claude-haiku-4-5).