CVE-2026-3217

CVE-2026-3217: SAML SSO - Service Provider - Critical - Cross-site scripting - SA-CONTRIB-2026-018

Vendor Drupal
Product SAML SSO - Service Provider
Weakness CWE-79 · XSS
Published March 25, 2026
Last update March 25, 2026

CVSS base score

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal SAML SSO - Service Provider allows Cross-Site Scripting (XSS).This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.3.

Explanation of Vulnerability in Simple Terms

02Summary

The SAML SSO - Service Provider module for Drupal contains a cross-site scripting (XSS) vulnerability in versions before 3.1.3. An attacker can inject malicious scripts that execute in users' browsers when they interact with SAML authentication flows. The vulnerability stems from insufficient input sanitization in SAML response handling. Update to version 3.1.3 or later to remediate.

What an attacker can do

03Attacker Capabilities

Inject malicious JavaScript that runs in users' browsers during SAML authentication.

Potential impact on your site

04Site Impact

Attackers can steal session cookies, redirect users, or deface content seen during SAML login flows.

Conditions required to exploit

05Prerequisites

User interaction required; victim must visit a page or click a link containing the malicious payload.

Key dates

06Disclosure timeline

March 25, 2026 CVE published
March 25, 2026 Record updated