Home / Vulnerability Intelligence / CVE-2026-41669

CVE-2026-41669 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: May 7, 2026

Admidio - Authentication Bypass

Published: May 7, 2026Updated: May 7, 2026Remote Exploitable

Overview

Admidio < 5.0.9 contains a broken authentication caused by improper handling of validateSignature() return values in SAML Identity Provider, letting attackers bypass signature verification, exploit requires crafted unsigned or invalidly-signed SAML requests.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Attackers can bypass SAML signature verification, allowing unauthorized authentication and session manipulation.

Mitigation

Upgrade to version 5.0.9 or later.

References

https://github.com/Admidio/admidio/releases/tag/v5.0.9
https://github.com/Admidio/admidio/security/advisories/GHSA-25cw-98hg-g3cg

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-41669
Severity: High
CVSS Score: 8.2
Type: broken_authentication
Status: new

CWE

CWE-347

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N