CVE-2026-5343

CVE-2026-5343: SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031

Vendor: Drupal
Product: SAML SSO - Service Provider
Weakness: CWE-754
Published: May 28, 2026
Last update: May 29, 2026

What the vulnerability does

01 Description

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4.

Explanation of Vulnerability in Simple Terms

02 Summary

A vulnerability in the Drupal SAML SSO Service Provider module versions before 3.1.4 allows an attacker to exploit an unspecified flaw. The exact nature of the vulnerability cannot be determined from available metadata. Site administrators should update to version 3.1.4 or later immediately.

What an attacker can do

03 Attacker Capabilities

Exploit an unspecified vulnerability in the SAML SSO module; exact impact unknown.

Potential impact on your site

04 Site Impact

Sites running affected versions are vulnerable to an unspecified attack; update to 3.1.4 or later.

Conditions required to exploit

05 Prerequisites

Unknown; insufficient CVSS data to determine authentication or interaction requirements.

Key dates

06 Disclosure timeline

May 28, 2026: CVE published
May 29, 2026: Record updated