Description
xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows an attacker to forge arbitrary ciphertexts without knowing the encryption key. This vulnerability is fixed in 2.3.1 and 1.13.9.
Published: 2026-03-13
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Decryption
Action: Immediate Patch
AI Analysis

Impact

The xml-security library implements XML signatures and encryption. Versions prior to 2.3.1 and 1.13.9 lack validation of the authentication tag length for AES‑GCM encrypted nodes. This flaw allows an attacker to brute‑force an authentication tag, recover the GHASH key and decrypt the encrypted nodes, or forge arbitrary ciphertexts without knowing the encryption key. The result is a loss of confidentiality for data protected by XML encryption.

Affected Systems

The vulnerable product is simplesamlphp/xml-security. Any deployment that uses the library in versions older than 2.3.1 or 1.13.9 is affected. The CPE identifier cpe:2.3:a:simplesamlphp:xml-security:*:*:*:*:*:*:*:* applies to all affected releases.

Risk and Exploitability

The CVSS score of 8.2 categorizes this flaw as high severity. The EPSS score is below 1%, indicating a low probability of exploitation in the wild, and it is not listed in the CISA Known Exploited Vulnerabilities catalog. Exploitation requires supplying crafted XML that contains AES‑GCM encrypted nodes, so the attack vector is through malicious XML input, potentially via web services, SAML assertions, or other XML‑based communication.

Generated by OpenCVE AI on March 17, 2026 at 21:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade simplesamlphp/xml-security to version 2.3.1 or newer (2.x branch) or to 1.13.9 or newer (1.x branch).
  • Verify that the application is functioning correctly with the upgraded library and that encrypted XML nodes are processed as expected.
  • If an upgrade cannot occur immediately, mitigate by restricting the source of XML input to trusted origins and applying custom validation that enforces the authentication tag length when processing AES‑GCM encrypted nodes.
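
The tag-length check named in the last recommendation, as an added PHP example that is not code from xml-security or from this page. It assumes PHP 8 with the openssl extension and the XML Encryption 1.1 AES-GCM layout (96-bit IV, then ciphertext, then 128-bit tag); the helper names splitGcmPayload and gcmDecrypt are hypothetical, and the key and plaintext are constructed samples.

```php
<?php
declare(strict_types=1);

// XML Encryption 1.1 fixes AES-GCM at a 96-bit IV and a 128-bit tag,
// serialized as IV || ciphertext || tag.
const GCM_IV_LEN  = 12;
const GCM_TAG_LEN = 16;

// Hypothetical helper: split a decoded CipherValue, refusing short payloads.
function splitGcmPayload(string $payload): array
{
    if (strlen($payload) < GCM_IV_LEN + GCM_TAG_LEN) {
        throw new LengthException('payload cannot hold a 96-bit IV and a 128-bit tag');
    }
    return [
        substr($payload, 0, GCM_IV_LEN),
        substr($payload, GCM_IV_LEN, -GCM_TAG_LEN),
        substr($payload, -GCM_TAG_LEN),
    ];
}

// Hypothetical helper: enforce exact IV and tag lengths before decrypting.
function gcmDecrypt(string $cipher, string $key, string $iv, string $ct, string $tag): string
{
    // openssl_decrypt() does not check the tag length itself; per the PHP manual
    // a shorter tag is only compared against the start of the real tag.
    if (strlen($iv) !== GCM_IV_LEN || strlen($tag) !== GCM_TAG_LEN) {
        throw new LengthException('unexpected AES-GCM IV or tag length');
    }
    $plain = openssl_decrypt($ct, $cipher, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($plain === false) {
        throw new RuntimeException('AES-GCM authentication failed');
    }
    return $plain;
}

// Constructed sample: a well-formed payload decrypts, a truncated tag is refused.
$key = random_bytes(32);
$iv  = random_bytes(GCM_IV_LEN);
$ct  = openssl_encrypt('<Attribute>constructed</Attribute>', 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);

[$iv2, $ct2, $tag2] = splitGcmPayload($iv . $ct . $tag);
echo gcmDecrypt('aes-256-gcm', $key, $iv2, $ct2, $tag2), PHP_EOL;
try {
    gcmDecrypt('aes-256-gcm', $key, $iv, $ct, substr($tag, 0, 1));
} catch (LengthException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```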


Advisories
Source: Github GHSA
ID: GHSA-r353-4845-pr5p
Title: simplesamlphp/xml-security: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

History

Tue, 17 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:simplesamlphp:xml-security:*:*:*:*:*:*:*:*

Mon, 16 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 16 Mar 2026 12:45:00 +0000

Type Values Removed Values Added
Description
Removed: xml-security is a library that implements XML signatures and encryption. Prior to 2.3.1, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows an attacker to forge arbitrary ciphertexts without knowing the encryption key. This vulnerability is fixed in 2.3.1.
Added: xml-security is a library that implements XML signatures and encryption. Prior to versions 2.3.1 and 1.13.9, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows an attacker to forge arbitrary ciphertexts without knowing the encryption key. This vulnerability is fixed in 2.3.1 and 1.13.9.
References

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Simplesamlphp
Simplesamlphp xml-security
Vendors & Products Simplesamlphp
Simplesamlphp xml-security

Fri, 13 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Description xml-security is a library that implements XML signatures and encryption. Prior to 2.3.1, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows an attacker to forge arbitrary ciphertexts without knowing the encryption key. This vulnerability is fixed in 2.3.1.
Title xml-security is Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption
Weaknesses CWE-354
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-16T14:03:17.811Z

Reserved: 2026-03-12T14:54:24.269Z

Link: CVE-2026-32600

Vulnrichment

Updated: 2026-03-16T14:03:09.793Z

NVD

Status: Analyzed

Published: 2026-03-16T14:19:38.953

Modified: 2026-03-17T19:25:09.150

Link: CVE-2026-32600

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T13:40:01Z
