CVE-2026-5343

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-5343
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4.

7.4 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.drupal.org/sa-contrib-2026-031 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:miniorange:saml_sso_-_service_provider:*:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.0:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.1:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.2:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.3:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.4:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.5:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.6:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.7:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.8:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.9:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.91:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.92:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.93:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.94:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.95:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.96:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.97:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.98:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.99:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.991:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.992:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.993:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.994:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.995:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.0:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.1:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.2:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.3:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.4:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.5:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.51:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.52:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.53:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.54:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.55:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.56:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.60:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.61:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.70:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.71:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.72:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.0:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.1:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.2:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.3:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.4:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.5:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.6:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.7:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.8:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.9:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.10:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.11:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.12:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.121:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.122:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.0:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.1:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.11:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.12:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.13:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.14:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.15:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.16:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.17:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.18:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.19:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.20:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.21:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.22:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.23:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.24:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.25:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.26:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.27:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.28:*:*:*:*:drupal:*:*
History

01 Jun 2026, 17:29

Type Values Removed Values Added
First Time Miniorange saml Sso - Service Provider
Miniorange
CPE cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.1:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.61:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.12:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.7:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.53:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.1:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.7:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.1:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.20:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.994:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.2:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.56:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.23:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.55:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.18:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.5:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.2:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.4:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.26:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.24:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.16:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.4:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.22:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.27:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.25:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.0:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.12:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.6:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.70:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.97:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.121:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.5:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.14:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.94:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.9:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.93:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.71:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.11:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.54:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.21:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.95:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.11:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.17:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.3:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.991:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.28:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.3:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.99:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.995:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.52:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.72:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.15:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.0:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.96:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.122:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.13:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.992:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.3:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.993:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.8:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.60:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.0:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.8:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.98:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.5:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.91:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.19:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.2:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.6:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:*:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.92:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.10:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.9:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.51:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.0:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.4:*:*:*:*:drupal:*:*
cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.1:*:*:*:*:drupal:*:*
References () https://www.drupal.org/sa-contrib-2026-031 - () https://www.drupal.org/sa-contrib-2026-031 - Vendor Advisory

29 May 2026, 20:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.4

28 May 2026, 23:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-05-28 23:16

Updated : 2026-06-01 17:29

NVD link : CVE-2026-5343

Mitre link : CVE-2026-5343

CVE.ORG link : CVE-2026-5343

JSON object : View

Products Affected

miniorange

  • saml_sso_-_service_provider
CWE
CWE-754

Improper Check for Unusual or Exceptional Conditions