Description

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was covered by a token's authorized scope path. Because the check did not require a path-segment boundary, a token scoped to one path could incorrectly authorize access to sibling paths that merely started with the same prefix. This issue has been patched in version 1.4.1.

INFO

Published Date :

2026-03-31T17:01:24.882Z

Last Modified :

2026-03-31T19:09:02.060Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-32726 vulnerability.

Vendors Products
Scitokens
  • Scitokens-cpp
  • Scitokens Cpp Library
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-32726.

URL Resource
https://github.com/scitokens/scitokens-cpp/commit/decfe2f00cb9cabbf1e17a3bb2cd4ea1bbbd8a73 cve-icon cve-icon
https://github.com/scitokens/scitokens-cpp/security/advisories/GHSA-q5fm-fgvx-32jq cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact