CVE-2026-46490: XML Injection in samlify SAML Library Enables Privilege Escalation
A flaw in samlify, a Node.js SAML authentication library, allows attackers to inject malicious XML into SAML assertions. When user attributes (like email or display name) are processed during single sign-on, an attacker can add fake authorization attributes that get signed by the identity provider and trusted by the service provider. This can lead to privilege escalation if the application relies on SAML attributes for access control decisions.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Weaknesses (CWE)
- CWE-91
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-06-08 / 2026-06-17
NVD description (verbatim)
samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text (e.g., <saml:AttributeValue>) are not escaped. A normal user can inject XML markup into an attribute value (e.g., email, name) and add new <saml:Attribute> elements inside the signed assertion. The IdP then signs the tampered assertion and the SP accepts the injected attributes as trusted. This allows privilege escalation when attributes are used for authorization (roles/groups). This issue has been patched in version 2.13.0.
2 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-46490 is an XML injection vulnerability in samlify versions prior to 2.13.0. The library's template substitution logic escapes values only in attribute contexts but fails to escape values inserted into element text nodes. An authenticated attacker can inject XML markup into SAML attribute values (such as email or name fields) to create new <saml:Attribute> elements within the signed assertion. Because the assertion is cryptographically signed by the identity provider, the service provider treats the injected attributes as authentic. This bypasses trust boundaries when attributes are used for authorization decisions.
Business impact
Organizations deploying samlify for federated authentication face a critical insider threat vector. Authenticated users—including contractors, ex-employees with lingering access, or compromised accounts—can escalate their privileges by injecting role or group attributes into their own SAML assertions. If applications use SAML attributes to gate access to sensitive features, data, or administrative functions, attackers can gain unauthorized access without needing to compromise the identity provider itself. This is particularly severe in multi-tenant or cloud environments where attribute-based access control is a key security boundary.
Affected systems
samlify versions below 2.13.0 are vulnerable. This includes all applications and platforms that integrate samlify as a dependency for SAML service provider functionality. The vulnerability requires the attacker to have valid credentials to initiate authentication, limiting exposure to users with existing accounts. Applications using samlify with role-based or attribute-based authorization are at highest risk.
Exploitability
Exploitability is high in practical scenarios. The attack requires the attacker to be an authenticated user (PR:L), but no user interaction is needed after authentication (UI:N). The vulnerability is network-accessible (AV:N) and does not require special conditions (AC:L). An attacker with any valid login can craft a malicious attribute value during authentication and achieve privilege escalation. No authentication bypass is required—the exploit leverages existing trust in the SAML signing process.
Remediation
Upgrade samlify to version 2.13.0 or later. This version implements proper output encoding for all template substitution contexts, including element text nodes. Organizations should inventory all applications and services using samlify as a direct or transitive dependency and prioritize patching in environments where SAML attributes drive authorization decisions. Verify the patch by checking release notes and confirming the version constraint in package-lock.json or equivalent dependency manifests.
Patch guidance
Apply version 2.13.0 as the minimum safe version. Update your package.json dependency constraint for samlify to >=2.13.0. Run npm audit after updating to confirm no other vulnerabilities are introduced. Test federated authentication flows in a staging environment to verify that legitimate SAML assertions are still processed correctly after the upgrade. For applications with pinned versions, carefully update to 2.13.0 and validate against your SAML IdP and any custom assertion handling.
Detection guidance
Monitor authentication logs for unusual or malformed SAML assertions being processed by samlify instances. Look for attribute values containing XML special characters or markup (<, >, &) in fields that should contain plain text (email, name, etc.). Analyze SAML assertions logged by the service provider for unexpected attributes that do not originate from your identity provider configuration. Implement runtime validation of SAML attributes—reject any attribute structure that deviates from the IdP schema, particularly for authorization-critical attributes. Use SAML profiling or inspection tools to baseline normal assertion structure and alert on deviations.
Why prioritize this
This vulnerability merits immediate attention due to its CVSS score of 8.8 (HIGH), combined with practical exploitability by any authenticated user and direct impact on authorization. Unlike vulnerabilities requiring advanced attack chains, this flaw can be exploited with standard SAML tooling and basic XML knowledge. The attack surface includes all users with valid credentials, and the impact—privilege escalation via attribute injection—directly undermines access control. Organizations relying on SAML for multi-tenant or role-based security boundaries should treat this as a critical patch.
Risk score, explained
The CVSS 3.1 score of 8.8 reflects high confidentiality, integrity, and availability impact (C:H, I:H, A:H) combined with low attack complexity and no required user interaction. The requirement for prior authentication (PR:L) prevents remote anonymous exploitation but does not reduce the score significantly, as any user can be an attacker. The unchanged scope (S:U) indicates the impact is limited to the vulnerable service, though in practice the blast radius depends on what the application does with trusted attributes. The score accurately represents the severity in typical SAML deployments.
Frequently asked questions
Can this vulnerability be exploited without authentication?
No. The attacker must have valid credentials to initiate SAML authentication. However, this is a low bar—it includes any user with a legitimate account, making the threat realistic in organizations with many users or contractor accounts.
Does patching samlify automatically prevent privilege escalation on existing applications?
Patching prevents new attacks going forward. Applications must also audit their authorization logic to ensure they do not blindly trust SAML attributes for sensitive decisions. Additional validation, such as checking attributes against a trusted directory or scoping them to allowed values, provides defense in depth.
How do I know if my application is vulnerable?
Check your package.json and lock files for samlify versions below 2.13.0. Run npm list samlify to see the installed version. If you see a version lower than 2.13.0, your application is vulnerable and should be patched immediately.
What is the relationship between samlify and other SAML libraries?
samlify is a standalone Node.js library for SAML SSO. It is distinct from other SAML libraries like node-saml, passport-saml, or enterprise solutions. Vulnerability fixes in samlify do not affect other libraries, so you should patch each SAML dependency independently based on its own advisory.
This analysis is based on the CVE record and vendor advisory as of the publication date. Organizations should consult the official samlify release notes and their own SAML infrastructure documentation before implementing patches. The vulnerability assessment assumes standard SAML deployment patterns; custom implementations or assertion handling logic may introduce additional risk or mitigation. This explainer does not constitute security advice; engage your security team and vendor support for guidance specific to your environment. Source: NVD (public-domain), retrieved 2026-07-16. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-11169HIGHChrome XML Injection UXSS Vulnerability – High-Risk Patch Required
- CVE-2016-20062HIGHSQL Injection in Simply Poll 1.4.1 WordPress Plugin - Unauthenticated Data Theft
- CVE-2016-20063HIGHSQL Injection in Single Personal Message 1.0.3 – Credential & Data Theft Risk
- CVE-2016-20065HIGHUnauthenticated SQL Injection in Product Catalog 8 WordPress Plugin
- CVE-2017-20243HIGHWordPress Car Park Booking Plugin SQL Injection Vulnerability
- CVE-2017-20244HIGHSQL Injection in Wow Forms WordPress Plugin v2.1 – Critical Unauth Database Extraction
- CVE-2017-20245HIGHWow Viral Signups Plugin SQL Injection Vulnerability – Analysis & Patches
- CVE-2017-20246HIGHKittyCatfish 2.2 SQL Injection Vulnerability – WordPress Plugin Security Alert