Home / Vulnerability Intelligence / CVE-2026-32725

CVE-2026-32725 - Vulnerability Analysis

HighCVSS: 8.3

Last Updated: March 31, 2026

SciTokens C++ - Authorization Bypass

Published: March 31, 2026Updated: March 31, 2026Remote Exploitable

Overview

SciTokens C++ < 1.4.1 contains an authorization bypass caused by improper normalization of path-based scopes allowing parent-directory traversal in scope claims, letting attackers broaden authorization beyond intended directories, exploit requires crafted token scope.

Severity & Score

Severity: High

CVSS Score: 8.3

Impact

Attackers can bypass authorization to access resources beyond intended directories, potentially exposing sensitive data.

Mitigation

Update to version 1.4.1 or later.

References

https://github.com/scitokens/scitokens-cpp/commit/7951ed809967d88c00c20de414b1ff74df8c3e08
https://github.com/scitokens/scitokens-cpp/security/advisories/GHSA-rqcx-mc9w-pjxp

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-32725
Severity: High
CVSS Score: 8.3
Type: broken_access_control
Status: new

CWE

CWE-23

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L