CVE-2026-5343: SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031
Published May 28, 2026
·Updated
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4.
Affected Software
78 affected components
Drupal SAML SSO - Service Provider>=0.0.0<3.1.4
miniOrange Saml Sso - Service Provider Drupal>=3.0.1<3.1.4
miniOrange Saml Sso - Service Provider Drupal=7.x-1.0
miniOrange Saml Sso - Service Provider Drupal=7.x-1.1
miniOrange Saml Sso - Service Provider Drupal=7.x-1.2
miniOrange Saml Sso - Service Provider Drupal=7.x-1.3
miniOrange Saml Sso - Service Provider Drupal=7.x-1.4
miniOrange Saml Sso - Service Provider Drupal=7.x-1.5
miniOrange Saml Sso - Service Provider Drupal=7.x-1.6
miniOrange Saml Sso - Service Provider Drupal=7.x-1.7
miniOrange Saml Sso - Service Provider Drupal=7.x-1.8
miniOrange Saml Sso - Service Provider Drupal=7.x-1.9
miniOrange Saml Sso - Service Provider Drupal=7.x-1.91
miniOrange Saml Sso - Service Provider Drupal=7.x-1.92
miniOrange Saml Sso - Service Provider Drupal=7.x-1.93
miniOrange Saml Sso - Service Provider Drupal=7.x-1.94
miniOrange Saml Sso - Service Provider Drupal=7.x-1.95
miniOrange Saml Sso - Service Provider Drupal=7.x-1.96
miniOrange Saml Sso - Service Provider Drupal=7.x-1.97
miniOrange Saml Sso - Service Provider Drupal=7.x-1.98
miniOrange Saml Sso - Service Provider Drupal=7.x-1.99
miniOrange Saml Sso - Service Provider Drupal=7.x-1.991
miniOrange Saml Sso - Service Provider Drupal=7.x-1.992
miniOrange Saml Sso - Service Provider Drupal=7.x-1.993
miniOrange Saml Sso - Service Provider Drupal=7.x-1.994
miniOrange Saml Sso - Service Provider Drupal=7.x-1.995
miniOrange Saml Sso - Service Provider Drupal=7.x-2.0
miniOrange Saml Sso - Service Provider Drupal=7.x-2.1
miniOrange Saml Sso - Service Provider Drupal=7.x-2.2
miniOrange Saml Sso - Service Provider Drupal=7.x-2.3
miniOrange Saml Sso - Service Provider Drupal=7.x-2.4
miniOrange Saml Sso - Service Provider Drupal=7.x-2.5
miniOrange Saml Sso - Service Provider Drupal=7.x-2.51
miniOrange Saml Sso - Service Provider Drupal=7.x-2.52
miniOrange Saml Sso - Service Provider Drupal=7.x-2.53
miniOrange Saml Sso - Service Provider Drupal=7.x-2.54
miniOrange Saml Sso - Service Provider Drupal=7.x-2.55
miniOrange Saml Sso - Service Provider Drupal=7.x-2.56
miniOrange Saml Sso - Service Provider Drupal=7.x-2.60
miniOrange Saml Sso - Service Provider Drupal=7.x-2.61
miniOrange Saml Sso - Service Provider Drupal=7.x-2.70
miniOrange Saml Sso - Service Provider Drupal=7.x-2.71
miniOrange Saml Sso - Service Provider Drupal=7.x-2.72
miniOrange Saml Sso - Service Provider Drupal=8.x-1.0
miniOrange Saml Sso - Service Provider Drupal=8.x-1.1
miniOrange Saml Sso - Service Provider Drupal=8.x-1.2
miniOrange Saml Sso - Service Provider Drupal=8.x-1.3
miniOrange Saml Sso - Service Provider Drupal=8.x-1.4
miniOrange Saml Sso - Service Provider Drupal=8.x-1.5
miniOrange Saml Sso - Service Provider Drupal=8.x-1.6
miniOrange Saml Sso - Service Provider Drupal=8.x-1.7
miniOrange Saml Sso - Service Provider Drupal=8.x-1.8
miniOrange Saml Sso - Service Provider Drupal=8.x-1.9
miniOrange Saml Sso - Service Provider Drupal=8.x-1.10
miniOrange Saml Sso - Service Provider Drupal=8.x-1.11
miniOrange Saml Sso - Service Provider Drupal=8.x-1.12
miniOrange Saml Sso - Service Provider Drupal=8.x-1.121
miniOrange Saml Sso - Service Provider Drupal=8.x-1.122
miniOrange Saml Sso - Service Provider Drupal=8.x-2.0
miniOrange Saml Sso - Service Provider Drupal=8.x-2.1
miniOrange Saml Sso - Service Provider Drupal=8.x-2.11
miniOrange Saml Sso - Service Provider Drupal=8.x-2.12
miniOrange Saml Sso - Service Provider Drupal=8.x-2.13
miniOrange Saml Sso - Service Provider Drupal=8.x-2.14
miniOrange Saml Sso - Service Provider Drupal=8.x-2.15
miniOrange Saml Sso - Service Provider Drupal=8.x-2.16
miniOrange Saml Sso - Service Provider Drupal=8.x-2.17
miniOrange Saml Sso - Service Provider Drupal=8.x-2.18
miniOrange Saml Sso - Service Provider Drupal=8.x-2.19
miniOrange Saml Sso - Service Provider Drupal=8.x-2.20
miniOrange Saml Sso - Service Provider Drupal=8.x-2.21
miniOrange Saml Sso - Service Provider Drupal=8.x-2.22
miniOrange Saml Sso - Service Provider Drupal=8.x-2.23
miniOrange Saml Sso - Service Provider Drupal=8.x-2.24
miniOrange Saml Sso - Service Provider Drupal=8.x-2.25
miniOrange Saml Sso - Service Provider Drupal=8.x-2.26
miniOrange Saml Sso - Service Provider Drupal=8.x-2.27
miniOrange Saml Sso - Service Provider Drupal=8.x-2.28
Event History
May 28, 2026
CVE Published
via MITRE·10:48 PM
Data Sourced
via MITRE·10:48 PM
DescriptionWeakness
Data Sourced
via NVD·11:16 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2026-5343?
CVE-2026-5343 is considered to have a risk level of 68, indicating a critical vulnerability.
2
How do I fix CVE-2026-5343?
To fix CVE-2026-5343, update the SAML SSO - Service Provider module to version 3.1.4 or later.
3
What kind of vulnerability is CVE-2026-5343?
CVE-2026-5343 is an authentication bypass vulnerability that can lead to privilege escalation.
4
Which versions of Drupal SAML SSO - Service Provider are affected by CVE-2026-5343?
CVE-2026-5343 affects all versions of the SAML SSO - Service Provider module prior to version 3.1.4.
5
What impact can CVE-2026-5343 have on my Drupal site?
CVE-2026-5343 can potentially allow unauthorized users to gain elevated privileges on your Drupal site.