ruby-saml Libxml2 Canonicalization errors can bypass Digest/Signature validation
Description
The ruby-saml library implements the client side of a SAML authorization. Versions up to and including 1.12.4 are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrapping attack. When libxml2's canonicalization is invoked on an invalid XML input, it may return an empty string rather than a canonicalized node. ruby-saml then proceeds to compute the DigestValue over this empty string, treating it as if canonicalization had succeeded. This issue is fixed in version 1.18.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ruby-saml <= 1.12.4 is vulnerable to authentication bypass via a Signature Wrapping attack, because libxml2 canonicalization can return an empty string on invalid XML, which is then used for digest validation.
Vulnerability Analysis
The ruby-saml library (client-side SAML implementation) contains an authentication bypass vulnerability in versions up to and including 1.12.4. The root cause lies in the interaction between libxml2's canonicalization process (invoked via Nokogiri) and ruby-saml's digest validation logic. When libxml2 is asked to canonicalize an invalid XML input, it may return an empty string instead of a canonicalized node. ruby-saml then computes the DigestValue over this empty string, treating it as if canonicalization succeeded [2][4].
Exploitation Mechanics
An attacker can exploit this by crafting a SAML response (or any XML payload) that triggers the canonicalization failure. This constitutes a Signature Wrapping attack: the attacker injects malicious XML content that bypasses the intended signature verification because the digest is computed over an empty canonical form, not the actual payload. The attacker does not need to forge a valid signature; they only need to cause the canonicalization to fail on the targeted node [1][4]. The attack can be performed without any special network privileges, as the attacker can inject crafted SAML messages (e.g., via a malicious IdP or content injection).
Impact
Successful exploitation allows an attacker to bypass SAML authentication entirely. The digest validation is effectively bypassed because the signature is checked against an empty canonicalized string. Additionally, if an empty string has been signed previously (e.g., in another context), the signature could be replayed, further undermining integrity checks [4]. This can lead to unauthorized access to any application relying on ruby-saml for authentication.
Mitigation
The vulnerability is fixed in ruby-saml version 1.18.0. All users running versions prior to 1.18.0 (including 1.12.4) should upgrade immediately. The ruby-saml maintainers have also released version 1.18.1 to address a related follow-on issue, but 1.18.0 contains the primary fix described in this advisory [1][2]. No workaround is provided; upgrading is required.
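The digest check below is an added illustration of the failure mode described in the analysis and of the fail-closed check that removes it; it is example code written for this page, not ruby-saml's own implementation (which operates on Nokogiri nodes rather than on strings). The function names, the constructed sample assertion, the use of SHA-256 (ruby-saml takes the algorithm from the signature's DigestMethod) and the hand-rolled constant-time comparison are all assumptions. The point it makes: once canonicalization has silently produced "", the digest of the empty string is a fixed, publicly known constant, so an unchecked comparison succeeds whenever a Reference carries that constant, and a verifier must therefore reject an empty canonical form before hashing it.

```ruby
require 'digest'

# Base64 SHA-256 of the empty string: what an unchecked verifier ends up
# comparing against when canonicalization yields "" instead of a node.
# (47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=)
EMPTY_SHA256_B64 = [Digest::SHA256.digest('')].pack('m0')

# Constant-time comparison of two Base64 digest strings (assumption: a
# simple XOR fold; production code would use a library routine).
def digests_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Unchecked pattern, modelled on the advisory's description (hypothetical,
# not ruby-saml's code): whatever the canonicalizer returned is hashed
# as-is, so an empty canonical form is hashed like any other content.
def digest_valid_unchecked?(canonical_xml, digest_value_b64)
  computed = [Digest::SHA256.digest(canonical_xml.to_s)].pack('m0')
  digests_equal?(computed, digest_value_b64)
end

# Fail-closed pattern: a nil or empty canonical form means canonicalization
# failed, so the Reference is rejected before any digest is computed.
def digest_valid_checked?(canonical_xml, digest_value_b64)
  return false if canonical_xml.nil? || canonical_xml.empty?
  computed = [Digest::SHA256.digest(canonical_xml)].pack('m0')
  digests_equal?(computed, digest_value_b64)
end

# Detection helper: a DigestValue equal to SHA-256("") in an incoming
# SAML message is worth alerting on, since no real assertion hashes to it.
def empty_digest_reference?(digest_value_b64)
  digests_equal?(digest_value_b64, EMPTY_SHA256_B64)
end

# Constructed sample (not from the advisory): a canonical assertion fragment
# and the DigestValue an honest signer would have produced for it.
SAMPLE_CANONICAL = '<saml:Assertion ID="_sample"><saml:Subject>alice</saml:Subject></saml:Assertion>'
SAMPLE_DIGEST = [Digest::SHA256.digest(SAMPLE_CANONICAL)].pack('m0')

if __FILE__ == $PROGRAM_NAME
  # Empty canonical form plus the empty-string digest passes the unchecked
  # verifier and is rejected by the fail-closed one.
  puts "unchecked, empty form:  #{digest_valid_unchecked?('', EMPTY_SHA256_B64)}"
  puts "checked,   empty form:  #{digest_valid_checked?('', EMPTY_SHA256_B64)}"
  puts "checked,   real form:   #{digest_valid_checked?(SAMPLE_CANONICAL, SAMPLE_DIGEST)}"
  puts "empty-digest flag:      #{empty_digest_reference?(EMPTY_SHA256_B64)}"
end
```

Running the file prints true, false, true, true in that order. The empty-digest flag is a cheap detection hook for a SAML gateway or log pipeline: it does not depend on knowing how the canonicalization was broken, only on the fact that the resulting digest is the constant above.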
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| ruby-saml | RubyGems | < 1.18.0 | 1.18.0 |
Affected products
- Range: <= 1.12.4
- SAML-Toolkits/ruby-saml v5: Range: < 1.18.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1. github.com/advisories/GHSA-x4h9-gwv3-r4m4 (ADVISORY)
2. nvd.nist.gov/vuln/detail/CVE-2025-66568 (ADVISORY)
3. github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a (MISC, WEB)
4. github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-x4h9-gwv3-r4m4 (CONFIRM, WEB)
5. github.com/rubysec/ruby-advisory-db/blob/master/gems/ruby-saml/CVE-2025-66568.yml (WEB)
News mentions
- The Fragile Lock: Novel Bypasses For SAML Authentication (PortSwigger Research, Dec 10, 2025)