CVE-2026-41670— Admidio SAML响应发送到未验证的ACS URL漏洞
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2026-41670 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Admidio: SAML Response Sent to Unvalidated Assertion Consumer Service URL from AuthnRequest
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the registered ACS URL (smc_acs_url) stored in the database for the corresponding service provider client. An attacker who knows the Entity ID of a registered SP client can craft a SAML AuthnRequest with an arbitrary AssertionConsumerServiceURL, causing the IdP to send the signed SAML response -- containing user identity attributes (login name, email, roles, profile fields) -- to an attacker-controlled URL. This issue has been patched in version 5.0.9.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
输入验证不恰当
来源: 美国国家漏洞数据库 NVD
受影响产品
二、漏洞 CVE-2026-41670 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC已实测靶场 高级
Qwen3.6-35B-A3B · 6848 chars
付费版包含:
漏洞原理深度分析
触发条件与影响面
完整可执行 POC 代码
利用链与缓解建议
POC 打包下载
每月 100+ 条 AI 生成额度
三、漏洞 CVE-2026-41670 的情报信息
Please 登录 to view more intelligence information
- Release 5.0.9 · Admidio/admidio · GitHubx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2026-41670
同批安全公告 · Admidio · 2026-05-07 · 共 13 条
| CVE-2026-41669 | 8.2 HIGH | Admidio SAML签名验证忽略漏洞 |
| CVE-2026-41660 | 7.1 HIGH | Admidio 2FA重置授权检查漏洞导致管理员TOTP被移除 |
| CVE-2026-41671 | 6.8 MEDIUM | Admidio OIDC令牌验证绕过漏洞 |
| CVE-2026-42194 | 6.8 MEDIUM | Admidio CVE-2026-32812 SSRF漏洞 |
| CVE-2026-41658 | 6.5 MEDIUM | Admidio 库存模块缺失授权允许删除 |
| CVE-2026-41655 | 6.5 MEDIUM | Admidio 贺卡预览路径穿越漏洞 |
| CVE-2026-41661 | 6.1 MEDIUM | Admidio 反射型 XSS 漏洞(msg_window.php) |
| CVE-2026-41662 | 5.2 MEDIUM | Admidio 角色成员移除缺少最低管理员检查 |
| CVE-2026-41657 | 4.9 MEDIUM | Admidio contacts_data.php 越权致成员数据泄露 |
| CVE-2026-41656 | 4.5 MEDIUM | Admidio 文档添加模式下路径遍历漏洞 |
| CVE-2026-41663 | 3.5 LOW | Admidio后台CSRF致越权备份及写.htaccess |
| CVE-2026-41659 | 2.7 LOW | Admidio 成员分配盲注致配置文件字段值泄露漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2026-41670
暂无评论