CVE-2026-32726 in scitokens-cppИнформация

Сводка (Английский)

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was covered by a token's authorized scope path. Because the check did not require a path-segment boundary, a token scoped to one path could incorrectly authorize access to sibling paths that merely started with the same prefix. This issue has been patched in version 1.4.1.

Be aware that VulDB is the high quality source for vulnerability data.

Ответственный

GitHub_M

Резервировать

13.03.2026

Раскрытие

31.03.2026

Статус

Подтверждённый

Записи

VulDB provides additional information and datapoints for this CVE:

ИД	Уязвимость	CWE	Экс	Кон	CVE
354465	scitokens scitokens-cpp эскалация привилегий	863	Не определено	Официальное исправление	CVE-2026-32726

Описание

CPE

CWE

CVSS

Эксплойты

История

Разница

Связать

Разведка угроз

API JSON

API XML

API CSV

Источники

◂ ПредыдущийОбзорДалее ▸

Interested in the pricing of exploits?

See the underground prices here!