{"api_version":"1","generated_at":"2026-06-03T11:06:29+00:00","cve":"CVE-2026-5343","urls":{"html":"https://cve.report/CVE-2026-5343","api":"https://cve.report/api/cve/CVE-2026-5343.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-5343","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-5343"},"summary":{"title":"SAML SSO - Service Provider  - Critical - Authentication bypass - SA-CONTRIB-2026-031","description":"Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation.\n\nThis issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4.","state":"PUBLISHED","assigner":"drupal","published_at":"2026-05-28 23:16:44","updated_at":"2026-06-01 17:29:21"},"problem_types":["CWE-754","CWE-754 CWE-754 Improper Check for Unusual or Exceptional Conditions"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"7.4","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"7.4","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"}}],"references":[{"url":"https://www.drupal.org/sa-contrib-2026-031","name":"https://www.drupal.org/sa-contrib-2026-031","refsource":"mlhess@drupal.org","tags":["Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-5343","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-5343","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Drupal","product":"SAML SSO - Service Provider","version":"affected 0.0.0 3.1.4 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Tim de Jong | Freelance Drupal Developer (tim_dj)","lang":"en"},{"source":"CNA","value":"Sudhanshu Dhage (sudhanshu0542)","lang":"en"},{"source":"CNA","value":"Damien McKenna (damienmckenna)","lang":"en"},{"source":"CNA","value":"Greg Knaddison (greggles)","lang":"en"},{"source":"CNA","value":"Juraj Nemec (poker10)","lang":"en"},{"source":"CNA","value":"Jess  (xjm)","lang":"en"}],"nvd_cpes":[{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.91","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.92","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.93","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.94","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.95","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.96","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.97","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.98","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.99","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.991","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.992","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.993","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.994","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-1.995","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-2.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-2.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-2.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-2.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-2.51","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-2.52","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-2.53","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-2.54","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-2.55","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-2.56","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-2.60","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-2.61","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-2.70","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-2.71","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"7.x-2.72","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-1.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-1.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-1.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-1.121","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-1.122","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-1.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-1.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-1.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-1.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-1.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-1.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-1.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-2.11","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-2.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-2.13","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-2.14","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-2.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-2.16","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-2.17","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-2.18","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-2.19","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-2.20","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-2.21","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-2.22","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-2.23","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-2.24","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-2.25","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-2.26","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-2.27","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"5343","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"miniorange","cpe5":"saml_sso_-_service_provider","cpe6":"8.x-2.28","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"drupal","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"5343","cve":"CVE-2026-5343","epss":"0.000330000","percentile":"0.099480000","score_date":"2026-06-02","updated_at":"2026-06-03 00:08:15"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2026-5343","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-05-29T18:38:28.307589Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-29T18:38:36.072Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://www.drupal.org/project/miniorange_saml","defaultStatus":"unaffected","product":"SAML SSO - Service Provider","repo":"https://git.drupalcode.org/project/miniorange_saml","vendor":"Drupal","versions":[{"lessThan":"3.1.4","status":"affected","version":"0.0.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Tim de Jong | Freelance Drupal Developer (tim_dj)"},{"lang":"en","type":"remediation developer","value":"Sudhanshu Dhage (sudhanshu0542)"},{"lang":"en","type":"coordinator","value":"Damien McKenna (damienmckenna)"},{"lang":"en","type":"coordinator","value":"Greg Knaddison (greggles)"},{"lang":"en","type":"coordinator","value":"Juraj Nemec (poker10)"},{"lang":"en","type":"coordinator","value":"Jess  (xjm)"}],"datePublic":"2026-04-01T16:38:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation.<p>This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4.</p>"}],"value":"Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation.\n\nThis issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4."}],"impacts":[{"capecId":"CAPEC-233","descriptions":[{"lang":"en","value":"CAPEC-233 Privilege Escalation"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-754","description":"CWE-754 Improper Check for Unusual or Exceptional Conditions","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-28T22:48:47.591Z","orgId":"2c85b837-eb8b-40ed-9d74-228c62987387","shortName":"drupal"},"references":[{"url":"https://www.drupal.org/sa-contrib-2026-031"}],"source":{"discovery":"UNKNOWN"},"title":"SAML SSO - Service Provider  - Critical - Authentication bypass - SA-CONTRIB-2026-031","x_generator":{"engine":"Vulnogram 1.0.2"}}},"cveMetadata":{"assignerOrgId":"2c85b837-eb8b-40ed-9d74-228c62987387","assignerShortName":"drupal","cveId":"CVE-2026-5343","datePublished":"2026-05-28T22:48:47.591Z","dateReserved":"2026-04-01T15:41:53.003Z","dateUpdated":"2026-05-29T18:38:36.072Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-28 23:16:44","lastModifiedDate":"2026-06-01 17:29:21","problem_types":["CWE-754","CWE-754 CWE-754 Improper Check for Unusual or Exceptional Conditions"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:*:*:*:*:*:drupal:*:*","versionStartIncluding":"3.0.1","versionEndExcluding":"3.1.4","matchCriteriaId":"C6F52B9A-3CFE-466F-A234-164246498A37"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.0:*:*:*:*:drupal:*:*","matchCriteriaId":"84285C85-DA43-4E22-B037-E386D9F1278B"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.1:*:*:*:*:drupal:*:*","matchCriteriaId":"A217C5B5-0FD8-4AD1-932A-EACD0392F6A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.2:*:*:*:*:drupal:*:*","matchCriteriaId":"AE11E8A3-B5BB-4937-8B57-630E64E42AE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.3:*:*:*:*:drupal:*:*","matchCriteriaId":"D23AA5C4-A6AE-4AA2-82B8-DF3AA0FF04D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.4:*:*:*:*:drupal:*:*","matchCriteriaId":"DF86737D-3CAD-44E9-B071-E81C7FC1CF01"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.5:*:*:*:*:drupal:*:*","matchCriteriaId":"C2E647DD-FCF7-4E66-822B-8B80010C5D08"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.6:*:*:*:*:drupal:*:*","matchCriteriaId":"9078C79B-5A2F-4A7C-A8D5-3DB9496BD935"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.7:*:*:*:*:drupal:*:*","matchCriteriaId":"2C7BD10D-4D5A-4570-893A-6ED20A6D0901"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.8:*:*:*:*:drupal:*:*","matchCriteriaId":"8AECFEA3-9D8C-4255-9B51-E352620F1EA2"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.9:*:*:*:*:drupal:*:*","matchCriteriaId":"D447F116-3078-4C45-B2DE-2CE1AF527EAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.91:*:*:*:*:drupal:*:*","matchCriteriaId":"5B610F53-4CA8-4871-ABB6-748924CAAADB"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.92:*:*:*:*:drupal:*:*","matchCriteriaId":"A5709CAD-064C-4E3D-9851-F2B5659AB779"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.93:*:*:*:*:drupal:*:*","matchCriteriaId":"B6C89604-FC97-42B2-9768-E9CA843303C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.94:*:*:*:*:drupal:*:*","matchCriteriaId":"81AB4FDD-0AB7-4ADA-BE5D-29DAFA89AED8"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.95:*:*:*:*:drupal:*:*","matchCriteriaId":"9158E6F7-B368-4D4D-941D-24FE1CF4C469"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.96:*:*:*:*:drupal:*:*","matchCriteriaId":"55E46423-A251-46BC-8390-E9B96B0C9999"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.97:*:*:*:*:drupal:*:*","matchCriteriaId":"9116503B-159E-45CE-AC5B-9DCC6FBA2F55"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.98:*:*:*:*:drupal:*:*","matchCriteriaId":"BCE0965A-307A-481F-AE89-3D59ACB89587"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.99:*:*:*:*:drupal:*:*","matchCriteriaId":"BAD4936D-A79B-4C0D-AC57-05A6CB550368"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.991:*:*:*:*:drupal:*:*","matchCriteriaId":"0DB94412-B773-46DD-A30A-B17B18279FF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.992:*:*:*:*:drupal:*:*","matchCriteriaId":"740A7FA8-562D-4F1E-A88F-0425B15C96B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.993:*:*:*:*:drupal:*:*","matchCriteriaId":"A499A397-6C64-45E4-AE5E-4EB8E70AC0F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.994:*:*:*:*:drupal:*:*","matchCriteriaId":"BEDB2E6B-66E4-4C56-B838-E67070C3E415"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.995:*:*:*:*:drupal:*:*","matchCriteriaId":"4A0528F0-9033-4E86-92EF-AEC3CFBEBE4B"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.0:*:*:*:*:drupal:*:*","matchCriteriaId":"407D66FF-2DAA-4508-BEBC-381E689E9584"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.1:*:*:*:*:drupal:*:*","matchCriteriaId":"B054CF40-DBE3-4D24-BF0D-DCDD6A398493"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.2:*:*:*:*:drupal:*:*","matchCriteriaId":"30136A1D-2253-46E5-9487-2CC862854AFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.3:*:*:*:*:drupal:*:*","matchCriteriaId":"F445C5E5-8EE3-4169-AD4B-DAD3F4CF2F5E"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.4:*:*:*:*:drupal:*:*","matchCriteriaId":"47613A3A-88F5-40D0-B601-67F28C2FA6FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.5:*:*:*:*:drupal:*:*","matchCriteriaId":"853ECB89-56FE-47EB-97A9-F0F3D45DEB70"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.51:*:*:*:*:drupal:*:*","matchCriteriaId":"83B7C3E3-362B-48A2-9529-38B4A5A30383"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.52:*:*:*:*:drupal:*:*","matchCriteriaId":"98F5FE3F-446F-44D4-8A9C-254C425F7B9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.53:*:*:*:*:drupal:*:*","matchCriteriaId":"FE593D34-2523-443F-884F-AB9F70BDA8B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.54:*:*:*:*:drupal:*:*","matchCriteriaId":"58AB1D59-B200-4A40-81B8-93DABFADE728"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.55:*:*:*:*:drupal:*:*","matchCriteriaId":"BDF488FE-0D7F-4FC3-AACA-C3EBA95467BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.56:*:*:*:*:drupal:*:*","matchCriteriaId":"69BF5026-7266-4DE8-8C3D-2DD587E94F83"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.60:*:*:*:*:drupal:*:*","matchCriteriaId":"8FB34EA2-CEE6-4BCD-8CA0-1ACE01303972"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.61:*:*:*:*:drupal:*:*","matchCriteriaId":"1CD65BCA-FA32-4B29-8ABC-DDD6E5F5F983"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.70:*:*:*:*:drupal:*:*","matchCriteriaId":"D622AC8B-9C93-4980-9ED7-FB44AB85D053"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.71:*:*:*:*:drupal:*:*","matchCriteriaId":"63130FF1-60A0-4A9F-ACED-749E30E150AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.72:*:*:*:*:drupal:*:*","matchCriteriaId":"86DAA1E4-A7C4-4E8D-BAAC-EA29D0830645"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.0:*:*:*:*:drupal:*:*","matchCriteriaId":"624524CC-7E86-4399-9D07-42A62B8DE86E"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.1:*:*:*:*:drupal:*:*","matchCriteriaId":"0261A511-1FE4-4FED-A585-008D30B14BD6"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.2:*:*:*:*:drupal:*:*","matchCriteriaId":"8843F860-4870-4401-89E4-EF3B03C1FC76"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.3:*:*:*:*:drupal:*:*","matchCriteriaId":"AA1F8D0E-1456-4F72-9A23-D9694472F6CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.4:*:*:*:*:drupal:*:*","matchCriteriaId":"CB400C08-920F-4164-B370-17731952492B"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.5:*:*:*:*:drupal:*:*","matchCriteriaId":"EF010763-BC6C-4FC7-BD4E-972520493670"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.6:*:*:*:*:drupal:*:*","matchCriteriaId":"90079A7B-4EA8-4E92-A9E7-EE083D064D55"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.7:*:*:*:*:drupal:*:*","matchCriteriaId":"5B9FBE9C-AB62-43C8-8909-B028E9906031"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.8:*:*:*:*:drupal:*:*","matchCriteriaId":"9B46E4C7-3C88-46D3-9DAA-47AD4C93491C"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.9:*:*:*:*:drupal:*:*","matchCriteriaId":"1982052F-853F-444D-A00E-D80A40048CA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.10:*:*:*:*:drupal:*:*","matchCriteriaId":"72204C78-006C-4E3B-850D-FB752D82F8A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.11:*:*:*:*:drupal:*:*","matchCriteriaId":"50CFB922-DE38-483D-899E-57E068BE2907"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.12:*:*:*:*:drupal:*:*","matchCriteriaId":"F7082734-DCE0-4E86-BB04-D564FE389E9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.121:*:*:*:*:drupal:*:*","matchCriteriaId":"E13D9239-F933-4551-A75E-E8B27B3F6E19"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.122:*:*:*:*:drupal:*:*","matchCriteriaId":"8C9F4CC7-8E97-4760-94F7-F958AB1757F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.0:*:*:*:*:drupal:*:*","matchCriteriaId":"99FA10EB-189D-463B-A3F5-DC9696ACAC02"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.1:*:*:*:*:drupal:*:*","matchCriteriaId":"BDDF6A07-C809-42FB-8F0D-309AB75E878A"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.11:*:*:*:*:drupal:*:*","matchCriteriaId":"2522FA4B-CE2A-4400-ACFA-9149B2C761FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.12:*:*:*:*:drupal:*:*","matchCriteriaId":"ACAF856A-7A89-4F4C-BABA-438294EDD065"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.13:*:*:*:*:drupal:*:*","matchCriteriaId":"E63DEF35-CE9F-4FAF-B120-1C3E798BA839"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.14:*:*:*:*:drupal:*:*","matchCriteriaId":"2340C0C5-F37A-4412-8571-CECAC5A8FEA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.15:*:*:*:*:drupal:*:*","matchCriteriaId":"065C2669-52AB-4852-92B6-EF79E3CDB75B"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.16:*:*:*:*:drupal:*:*","matchCriteriaId":"CC0025F1-3A5E-44BD-A7B2-5603A5AAC751"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.17:*:*:*:*:drupal:*:*","matchCriteriaId":"F9822AF6-0821-45C9-BAB5-E0A33A525857"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.18:*:*:*:*:drupal:*:*","matchCriteriaId":"9D363A34-FB03-4B57-BD85-761986741353"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.19:*:*:*:*:drupal:*:*","matchCriteriaId":"FB3F72BF-5BD2-48BF-B42E-2FF9E649C22E"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.20:*:*:*:*:drupal:*:*","matchCriteriaId":"3BC649B6-F649-4C99-9737-4DDFF07734DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.21:*:*:*:*:drupal:*:*","matchCriteriaId":"3158F7E5-2657-4842-A255-DE7899FE387D"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.22:*:*:*:*:drupal:*:*","matchCriteriaId":"B2656DB3-7F25-484B-9F78-FE9A00619DC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.23:*:*:*:*:drupal:*:*","matchCriteriaId":"AC3A9AF8-538D-4E86-BDFB-4517A531AA92"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.24:*:*:*:*:drupal:*:*","matchCriteriaId":"0931AC5F-8D6E-426E-B7CC-B00B490AB305"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.25:*:*:*:*:drupal:*:*","matchCriteriaId":"280E6981-783C-4395-9A37-1D82A617B78B"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.26:*:*:*:*:drupal:*:*","matchCriteriaId":"8ED53809-CB59-403B-B0A5-CB6985AC64EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.27:*:*:*:*:drupal:*:*","matchCriteriaId":"EB67935B-EB59-4EB1-849B-0DAA9C71A6D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.28:*:*:*:*:drupal:*:*","matchCriteriaId":"0DC0D68D-893F-47B9-9AC8-1109ED5F524B"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"5343","Ordinal":"1","Title":"SAML SSO - Service Provider  - Critical - Authentication bypass ","CVE":"CVE-2026-5343","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"5343","Ordinal":"1","NoteData":"Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation.\n\nThis issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4.","Type":"Description","Title":"SAML SSO - Service Provider  - Critical - Authentication bypass "}]}}}