Project: 
SAML SSO - Service Provider
Date: 
2026-February-25
Security risk: 
Critical 16 ∕ 25 AC:Basic/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: 
Cross-site scripting
Affected versions: 
<3.1.3
CVE IDs: 
CVE-2026-3217
Description: 

This module enables you to perform SAML protocol-based single sign-on (SSO) on a Drupal site.

The module doesn't sufficiently sanitize user input, leading to a reflected Cross-site scripting (XSS) vulnerability.

Solution: 

Install the latest version:

Reported By: 
Fixed By: 
Coordinated By: