{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32600", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-12T14:54:24.269Z", "datePublished": "2026-03-13T19:58:41.692Z", "dateUpdated": "2026-03-16T14:03:17.811Z"}, "containers": {"cna": {"title": "xml-security is Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption", "problemTypes": [{"descriptions": [{"cweId": "CWE-354", "lang": "en", "description": "CWE-354: Improper Validation of Integrity Check Value", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-r353-4845-pr5p", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-r353-4845-pr5p"}, {"name": "https://github.com/simplesamlphp/xml-security/commit/cad6d57cf0a5a0b7e0cc4e4a5b18752e56eb1520", "tags": ["x_refsource_MISC"], "url": "https://github.com/simplesamlphp/xml-security/commit/cad6d57cf0a5a0b7e0cc4e4a5b18752e56eb1520"}, {"name": "https://github.com/simplesamlphp/xml-security/commit/fdc12449e959c610943f9fd428e95e3832d74c25", "tags": ["x_refsource_MISC"], "url": "https://github.com/simplesamlphp/xml-security/commit/fdc12449e959c610943f9fd428e95e3832d74c25"}], "affected": [{"vendor": "simplesamlphp", "product": "xml-security", "versions": [{"version": ">= 2.0.0, < 2.3.1", "status": "affected"}, {"version": "< 1.13.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-16T12:28:57.720Z"}, "descriptions": [{"lang": "en", "value": "xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts without knowing the encryption key. This vulnerability is fixed in 2.3.1 and 1.13.9."}], "source": {"advisory": "GHSA-r353-4845-pr5p", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T14:01:30.383537Z", "id": "CVE-2026-32600", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T14:03:17.811Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32600", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T14:01:30.383537Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T14:03:09.793Z"}}], "cna": {"title": "xml-security is Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption", "source": {"advisory": "GHSA-r353-4845-pr5p", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "simplesamlphp", "product": "xml-security", "versions": [{"status": "affected", "version": ">= 2.0.0, < 2.3.1"}, {"status": "affected", "version": "< 1.13.9"}]}], "references": [{"url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-r353-4845-pr5p", "name": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-r353-4845-pr5p", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/simplesamlphp/xml-security/commit/cad6d57cf0a5a0b7e0cc4e4a5b18752e56eb1520", "name": "https://github.com/simplesamlphp/xml-security/commit/cad6d57cf0a5a0b7e0cc4e4a5b18752e56eb1520", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/simplesamlphp/xml-security/commit/fdc12449e959c610943f9fd428e95e3832d74c25", "name": "https://github.com/simplesamlphp/xml-security/commit/fdc12449e959c610943f9fd428e95e3832d74c25", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts without knowing the encryption key. This vulnerability is fixed in 2.3.1 and 1.13.9."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-354", "description": "CWE-354: Improper Validation of Integrity Check Value"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-16T12:28:57.720Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32600", "state": "PUBLISHED", "dateUpdated": "2026-03-16T14:03:17.811Z", "dateReserved": "2026-03-12T14:54:24.269Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-13T19:58:41.692Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:simplesamlphp:xml-security:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D4DF512-B74E-412C-804F-6ED06CC1B9F1", "versionEndExcluding": "1.13.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:simplesamlphp:xml-security:*:*:*:*:*:*:*:*", "matchCriteriaId": "78834E45-06AC-48A5-9535-C6A34F4FEF96", "versionEndExcluding": "2.3.1", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts without knowing the encryption key. This vulnerability is fixed in 2.3.1 and 1.13.9."}], "id": "CVE-2026-32600", "lastModified": "2026-03-17T19:25:09.150", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-16T14:19:38.953", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/simplesamlphp/xml-security/commit/cad6d57cf0a5a0b7e0cc4e4a5b18752e56eb1520"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/simplesamlphp/xml-security/commit/fdc12449e959c610943f9fd428e95e3832d74c25"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-r353-4845-pr5p"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-354"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.3.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "xml-security", "source": "cna", "vendor": "simplesamlphp"}, "product": "xml-security", "vendor": "simplesamlphp"}], "analysis": {"en": {"generated_at": "2026-03-17T21:07:13.668806+00:00", "value": {"mitigation_remediation": ["Upgrade simplesamlphp/xml-security to version 2.3.1 or newer (2.x branch) or to 1.13.9 or newer (1.x branch).", "Verify that the application is functioning correctly with the upgraded library and that encrypted XML nodes are processed as expected.", "If an upgrade cannot occur immediately, mitigate by restricting source of XML input to trusted origins and apply custom validation to enforce authentication tag length when processing AES\u2011GCM encrypted nodes."], "summary": {"action": "Immediate Patch", "impact": "Unauthorized Decryption"}, "threat_synthesis": {"affected_systems": "The vulnerable product is simplesamlphp/xml-security. Any deployment that uses the library in versions older than 2.3.1 or 1.13.9 is affected. The CPE identifier cpe:2.3:a:simplesamlphp:xml-security:*:*:*:*:*:*:*:* applies to all affected releases.", "description_and_impact": "The xml-security library implements XML signatures and encryption. Versions prior to 2.3.1 and 1.13.9 lack validation of the authentication tag length for AES\u2011GCM encrypted nodes. This flaw allows an attacker to brute\u2011force an authentication tag, recover the GHASH key and decrypt the encrypted nodes, or forge arbitrary ciphertexts without knowing the encryption key. The result is a loss of confidentiality for data protected by XML encryption.", "risk_and_exploitability": "The CVSS score of 8.2 categorizes this flaw as high severity. The EPSS score is below 1%, indicating a low probability of exploitation in the wild, and it is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires supplying crafted XML that contains AES\u2011GCM encrypted nodes, so the attack vector is through malicious XML input, potentially via web services, SAML assertions, or other XML\u2011based communication."}}}}, "created": "2026-03-16T09:23:59.865612+00:00", "updated": "2026-03-23T13:40:01.301439+00:00", "vendors": ["simplesamlphp", "simplesamlphp$PRODUCT$xml-security"]}