Description
An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who subsequently initiate SAML Single Sign-On, enabling phishing and credential-theft attacks, as well as disrupting SAML authentication for all affected users.
Problem types
CWE-601 URL redirection to untrusted site ('open redirect')
Product status
Any version before 26.2.0
Any version before 26.2.0
Credits
This issue was found by Andrea Palanca of Nozomi Networks Product Security team during an internal investigation.
References
security.nozominetworks.com/NN-2026:9-01