Improper Verification of Cryptographic Signature in admidio/admidio | CVE-2026-41669

Q: How to fix?

Upgrade admidio/admidio to version 5.0.9 or higher.

Introduced: 29 Apr 2026

NewCVE-2026-41669 (opens in a new tab) CWE-347 (opens in a new tab)

How to fix?

Upgrade admidio/admidio to version 5.0.9 or higher.

Overview

admidio/admidio is a free open source user management system for websites of organizations and groups.

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to improper validation of SAML signatures in the authentication and logout processes. An attacker can gain unauthorized access to sensitive user attributes or terminate user sessions by submitting forged or unsigned SAML AuthnRequests and LogoutRequests. This can result in disclosure of personal information and denial of service for targeted users.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
Low
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
None

Confidentiality (VC)
Low
Integrity (VI)
High
Availability (VA)
None

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None

Improper Verification of Cryptographic Signature Affecting admidio/admidio package, versions <5.0.9

Severity

Do your applications use this vulnerable package?

Introduced: 29 Apr 2026

How to fix?

Overview

References

CVSS Base Scores

Snyk