Nixpkgs security tracker

Untriaged

Permalink CVE-2026-32716

8.1 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): NONE

created 2 weeks, 4 days ago

SciTokens: Authorization Bypass via Incorrect Scope Path Prefix Checking

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enforcer incorrectly validates scope paths by using a simple prefix match (startswith). This allows a token with access to a specific path (e.g., /john) to also access sibling paths that start with the same prefix (e.g., /johnathan, /johnny), which is an Authorization Bypass. This issue has been patched in version 1.9.6.

References

https://github.com/scitokens/scitokens/security/advisories/GHSA-w8fp-g9rh-34jh x_refsource_CONFIRM
https://github.com/scitokens/scitokens/commit/7a237c0f642efb9e8c36ac564b745895cca83583 x_refsource_MISC
https://github.com/scitokens/scitokens/releases/tag/v1.9.6 x_refsource_MISC

Affected products

scitokens

==< 1.9.6

Matching in nixpkgs

pkgs.scitokens-cpp

A C++ implementation of the SciTokens library with a C library interface

nixos-unstable 1.3.0
- nixpkgs-unstable 1.3.0
- nixos-unstable-small 1.3.0
nixos-25.11 1.1.3
- nixos-25.11-small 1.1.3
- nixpkgs-25.11-darwin 1.1.3

Package maintainers

@lub-dub evey <nix@lubdub.nl>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.scitokens-cpp

Package maintainers