NVD Vulnerability Detail

CVE-2026-5343

Summary	Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4.
Publication Date	May 29, 2026, 8:16 a.m.
Registration Date	May 30, 2026, 4:11 a.m.
Last Update	June 2, 2026, 2:29 a.m.

CVSS3.1 : HIGH
スコア	7.4
Vector	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	高
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	なし

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:miniorange:saml_sso_-_service_provider::::::drupal::*	3.0.1			3.1.4
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.0:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.1:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.2:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.3:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.4:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.5:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.6:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.7:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.8:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.9:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.91:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.92:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.93:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.94:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.95:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.96:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.97:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.98:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.99:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.991:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.992:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.993:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.994:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.995:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.0:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.1:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.2:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.3:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.4:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.5:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.51:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.52:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.53:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.54:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.55:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.56:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.60:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.61:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.70:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.71:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.72:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.0:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.1:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.2:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.3:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.4:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.5:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.6:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.7:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.8:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.9:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.10:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.11:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.12:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.121:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.122:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.0:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.1:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.11:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.12:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.13:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.14:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.15:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.16:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.17:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.18:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.19:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.20:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.21:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.22:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.23:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.24:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.25:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.26:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.27:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.28:::::drupal::

Related information, measures and tools

No	URL	refsource	タグ
1	https://www.drupal.org/sa-contrib-2026-031	mlhess@drupal.org

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-754	例外的な状態における不適切なチェック	https://cwe.mitre.org/data/definitions/754.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:miniorange:saml_sso_-_service_provider::::::drupal::*	3.0.1			3.1.4
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.0:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.1:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.2:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.3:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.4:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.5:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.6:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.7:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.8:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.9:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.91:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.92:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.93:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.94:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.95:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.96:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.97:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.98:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.99:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.991:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.992:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.993:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.994:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.995:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.0:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.1:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.2:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.3:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.4:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.5:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.51:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.52:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.53:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.54:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.55:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.56:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.60:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.61:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.70:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.71:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.72:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.0:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.1:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.2:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.3:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.4:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.5:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.6:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.7:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.8:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.9:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.10:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.11:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.12:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.121:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.122:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.0:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.1:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.11:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.12:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.13:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.14:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.15:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.16:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.17:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.18:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.19:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.20:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.21:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.22:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.23:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.24:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.25:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.26:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.27:::::drupal::
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.28:::::drupal::