VYPR
High severity7.4NVD Advisory· Published May 28, 2026· Updated Jun 1, 2026

CVE-2026-5343

CVE-2026-5343

Description

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation.

This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

78
  • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.0:*:*:*:*:drupal:*:*+ 76 more
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.0:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.1:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.2:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.3:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.4:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.5:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.6:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.7:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.8:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.91:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.92:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.93:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.94:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.95:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.96:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.97:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.98:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.991:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.992:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.993:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.994:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.995:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.99:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.9:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.0:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.1:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.2:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.3:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.4:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.51:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.52:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.53:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.54:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.55:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.56:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.5:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.60:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.61:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.70:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.71:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.72:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.0:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.10:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.11:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.121:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.122:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.12:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.1:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.2:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.3:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.4:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.5:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.6:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.7:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.8:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.9:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.0:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.11:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.12:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.13:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.14:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.15:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.16:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.17:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.18:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.19:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.1:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.20:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.21:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.22:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.23:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.24:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.25:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.26:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.27:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.28:*:*:*:*:drupal:*:*
    • cpe:2.3:a:miniorange:saml_sso_-_service_provider:*:*:*:*:*:drupal:*:*range: >=3.0.1,<3.1.4

Patches

Vulnerability mechanics

References

1

News mentions

1