PT-2026-29313 · Scitokens · Scitokens

Pmcao · Published 2026-03-31 · Updated 2026-04-02 · CVE-2026-32726

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: SciTokens C++ versions prior to 1.4.1

Description: The SciTokens C++ library, used for creating and utilizing SciTokens, contains a flaw in its path-based scope validation. The enforcer verifies that a requested resource path lies within a token's authorized scope by string-prefix comparison. Because this check does not enforce a path-segment boundary, a token scoped to one path can incorrectly authorize access to sibling paths that share the same prefix.

Recommendations: Update to version 1.4.1 or later.
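The weak pattern the description refers to, and the segment-aware check that closes it, as an added C++ example. This is not SciTokens code; the function names (prefix_only_authorized, segment_aware_authorized, naive_overgrants) and the sample paths are constructed for illustration, and the handling of a trailing slash on the scope path is this example's own design choice, not something the advisory specifies.

```cpp
// Added example (not the SciTokens library's own code): a path-prefix scope
// check that ignores segment boundaries, beside a corrected version.
#include <string>
#include <iostream>

// Weak pattern: the requested path merely has to start with the scoped path.
// With scope "/data/project" this also accepts "/data/projectile".
bool prefix_only_authorized(const std::string& scope_path,
                            const std::string& requested) {
    return requested.compare(0, scope_path.size(), scope_path) == 0;
}

// Corrected pattern: the prefix must end exactly at a '/' boundary.
// A trailing slash on the scope ("/data/project/") is treated the same as
// "/data/project" (design choice of this example). Dot-segment normalization
// ("..", ".") is a separate concern and is assumed to happen before this call.
bool segment_aware_authorized(const std::string& scope_path,
                              const std::string& requested) {
    std::string scope = scope_path;
    while (scope.size() > 1 && scope.back() == '/') scope.pop_back();

    // Root scope authorizes every absolute path.
    if (scope == "/") return !requested.empty() && requested[0] == '/';

    if (requested.size() < scope.size()) return false;
    if (requested.compare(0, scope.size(), scope) != 0) return false;

    // Either an exact match or the next character starts a new segment.
    return requested.size() == scope.size() || requested[scope.size()] == '/';
}

// True when the weak check grants a path that the segment-aware check denies,
// i.e. the sibling-path over-grant the advisory describes.
bool naive_overgrants(const std::string& scope_path, const std::string& requested) {
    return prefix_only_authorized(scope_path, requested) &&
           !segment_aware_authorized(scope_path, requested);
}

int main() {
    // Constructed sample paths.
    const std::string scope = "/data/project";
    const char* samples[] = {"/data/project", "/data/project/file.txt",
                             "/data/projectile", "/data/proj"};
    for (const char* p : samples) {
        std::cout << p << ": prefix-only=" << prefix_only_authorized(scope, p)
                  << " segment-aware=" << segment_aware_authorized(scope, p)
                  << " overgrant=" << naive_overgrants(scope, p) << '\n';
    }
    return 0;
}
```

The only difference between the two checks is the single boundary test after the prefix comparison; that is the check an enforcer needs so that a scope of /data/project cannot be satisfied by /data/projectile.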

Weakness Enumeration: Incorrect Authorization

Related Identifiers: CVE-2026-32726, GHSA-Q5FM-FGVX-32JQ

Affected Products: Scitokens