Browse all 5 CVE security advisories affecting scitokens. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SciTokens is an authentication system designed for scientific computing environments, enabling secure access to high-performance resources using standardized token-based credentials. Historically, vulnerabilities have included cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, often stemming from improper input validation and insecure token handling. The project maintains a moderate security posture with five CVEs recorded, primarily related to token validation and web interface vulnerabilities. While no major incidents have been widely documented, the token-based architecture introduces inherent risks if token generation or verification processes are compromised, requiring careful implementation in high-trust research environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32725 | SciTokens C++: Relative Path Traversal Vulnerability — scitokens-cppCWE-23 | 8.3 | High | 2026-03-31 |
| CVE-2026-32726 | SciTokens C++: Sibling-Path Authorization Bypass — scitokens-cppCWE-863 | 8.1 | High | 2026-03-31 |
| CVE-2026-32727 | SciTokens: Authorization Bypass via Path Traversal in Scope Validation — scitokensCWE-22 | 8.1 | High | 2026-03-31 |
| CVE-2026-32716 | SciTokens: Authorization Bypass via Incorrect Scope Path Prefix Checking — scitokensCWE-285 | 8.1 | High | 2026-03-31 |
| CVE-2026-32714 | SciTokens vulnerable to SQL Injection in KeyCache — scitokensCWE-89 | 9.8 | Critical | 2026-03-31 |
This page lists every published CVE security advisory associated with scitokens. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.