Home

Description

An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who subsequently initiate SAML Single Sign-On, enabling phishing and credential-theft attacks, as well as disrupting SAML authentication for all affected users.

PUBLISHED Reserved 2026-03-10 | Published 2026-07-09 | Updated 2026-07-09 | Assigner Nozomi




MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:L/SI:L/SA:L

HIGH: 7.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Problem types

CWE-601 URL redirection to untrusted site ('open redirect')

Product status

Default status
unaffected

Any version before 26.2.0
affected

Default status
unaffected

Any version before 26.2.0
affected

Credits

This issue was found by Andrea Palanca of Nozomi Networks Product Security team during an internal investigation. finder

References

security.nozominetworks.com/NN-2026:9-01

cve.org (CVE-2026-31982)

nvd.nist.gov (CVE-2026-31982)

Download JSON