CVE-2026-46490 — samlify <2.13.0 SAML AttributeValue XML injection -> signed-assertion privilege escalation. Self-contained PoC, verified e2e.
-
Updated
Jun 30, 2026 - JavaScript
CVE-2026-46490 — samlify <2.13.0 SAML AttributeValue XML injection -> signed-assertion privilege escalation. Self-contained PoC, verified e2e.
Add a description, image, and links to the xml-injection topic page so that developers can more easily learn about it.
To associate your repository with the xml-injection topic, visit your repo's landing page and select "manage topics."