{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32725", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-13T15:02:00.625Z", "datePublished": "2026-03-31T17:01:46.776Z", "dateUpdated": "2026-04-03T16:14:20.163Z"}, "containers": {"cna": {"title": "SciTokens C++: Relative Path Traversal Vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-23", "lang": "en", "description": "CWE-23: Relative Path Traversal", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/scitokens/scitokens-cpp/security/advisories/GHSA-rqcx-mc9w-pjxp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/scitokens/scitokens-cpp/security/advisories/GHSA-rqcx-mc9w-pjxp"}, {"name": "https://github.com/scitokens/scitokens-cpp/commit/7951ed809967d88c00c20de414b1ff74df8c3e08", "tags": ["x_refsource_MISC"], "url": "https://github.com/scitokens/scitokens-cpp/commit/7951ed809967d88c00c20de414b1ff74df8c3e08"}], "affected": [{"vendor": "scitokens", "product": "scitokens-cpp", "versions": [{"version": "< 1.4.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T17:01:46.776Z"}, "descriptions": [{"lang": "en", "value": "SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses \"..\" path components instead of rejecting them. As a result, an attacker can use parent-directory traversal in the scope claim to broaden the effective authorization beyond the intended directory. This issue has been patched in version 1.4.1."}], "source": {"advisory": "GHSA-rqcx-mc9w-pjxp", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-03T16:14:03.357530Z", "id": "CVE-2026-32725", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T16:14:20.163Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32725", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-03T16:14:03.357530Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T16:14:14.903Z"}}], "cna": {"title": "SciTokens C++: Relative Path Traversal Vulnerability", "source": {"advisory": "GHSA-rqcx-mc9w-pjxp", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "scitokens", "product": "scitokens-cpp", "versions": [{"status": "affected", "version": "< 1.4.1"}]}], "references": [{"url": "https://github.com/scitokens/scitokens-cpp/security/advisories/GHSA-rqcx-mc9w-pjxp", "name": "https://github.com/scitokens/scitokens-cpp/security/advisories/GHSA-rqcx-mc9w-pjxp", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/scitokens/scitokens-cpp/commit/7951ed809967d88c00c20de414b1ff74df8c3e08", "name": "https://github.com/scitokens/scitokens-cpp/commit/7951ed809967d88c00c20de414b1ff74df8c3e08", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses \"..\" path components instead of rejecting them. As a result, an attacker can use parent-directory traversal in the scope claim to broaden the effective authorization beyond the intended directory. This issue has been patched in version 1.4.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-23", "description": "CWE-23: Relative Path Traversal"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T17:01:46.776Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32725", "state": "PUBLISHED", "dateUpdated": "2026-04-03T16:14:20.163Z", "dateReserved": "2026-03-13T15:02:00.625Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-31T17:01:46.776Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:scitokens:scitokens_cpp_library:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC9F84FE-5692-462D-BA2B-D9703D8AFAD1", "versionEndExcluding": "1.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses \"..\" path components instead of rejecting them. As a result, an attacker can use parent-directory traversal in the scope claim to broaden the effective authorization beyond the intended directory. This issue has been patched in version 1.4.1."}], "id": "CVE-2026-32725", "lastModified": "2026-04-13T17:16:08.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-31T18:16:50.837", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/scitokens/scitokens-cpp/commit/7951ed809967d88c00c20de414b1ff74df8c3e08"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/scitokens/scitokens-cpp/security/advisories/GHSA-rqcx-mc9w-pjxp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-23"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.4.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "scitokens-cpp", "source": "cna", "vendor": "scitokens"}, "product": "scitokens-cpp", "vendor": "scitokens"}], "analysis": {"en": {"generated_at": "2026-04-13T18:28:25.309679+00:00", "value": {"mitigation_remediation": ["Upgrade SciTokens C++ to version\u202f1.4.1 or later, which removes the path\u2011traversal normalization bug.", "Verify that all dependent projects and deploy environments use the patched library release and that no legacy versions remain in use."], "summary": {"action": "Immediate Patch", "impact": "Authorization Bypass through relative path traversal in scope fragments"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the SciTokens C++ library distributed under the scitokens:scitokens-cpp identifier. All releases prior to version\u202f1.4.1 are impacted. The fix was introduced in version\u202f1.4.1, which corrects the normalization behavior.", "description_and_impact": "SciTokens C++ permits a library user to process path-based scopes contained in a token and normalizes those paths by collapsing \"..\" components. Because the library does not reject or control such path traversal, an attacker can supply a scope that includes parent\u2011directory references and thereby broaden the effective authorization beyond the intended directory. This results in an unauthorized access condition where a token granting access to a sub\u2011path is transformed into a token that grants access to higher\u2011level paths, enabling privilege escalation within the application.", "risk_and_exploitability": "The vulnerability carries a CVSS score of\u202f8.3, indicating high severity, but its EPSS score is below 1\u202f% and it is not listed in the CISA KEV catalog, suggesting a low to moderate likelihood of exploitation in the wild. Exploitation requires an attacker to craft or obtain a token containing a path\u2011based scope and present it to an application that uses the vulnerable library; thus the attack surface is tied to token acceptance points, which can be remote or local depending on the service design. Attacks would exploit the library\u2019s incorrect handling of path traversal to gain access to resources beyond the intended scope."}}}}, "created": "2026-03-31T19:53:49.917897+00:00", "updated": "2026-04-14T16:42:20.176654+00:00", "vendors": ["scitokens", "scitokens$PRODUCT$scitokens-cpp"]}