CVE-2026-41670 - Vulnerability Analysis
HighCVSS: 8.2Last Updated: May 7, 2026
Admidio - Authentication Bypass
Published: May 7, 2026Updated: May 7, 2026Remote Exploitable
Overview
Admidio < 5.0.9 contains an information disclosure vulnerability caused by unvalidated AssertionConsumerServiceURL in SAML AuthnRequest, letting attackers with knowledge of Entity ID redirect signed SAML responses to attacker-controlled URLs, exploit requires attacker to know registered SP client Entity ID.
Severity & Score
Severity: High
CVSS Score: 8.2
Impact
Attackers can obtain signed SAML responses with user identity attributes by redirecting them to attacker-controlled URLs, leading to sensitive information disclosure.
Mitigation
Upgrade to version 5.0.9 or later.
References
Related Resources
Details
- CVE ID
- CVE-2026-41670
- Severity
- High
- CVSS Score
- 8.2
- Type
- broken_authentication
- Status
- new
CWE
- CWE-20
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N