CVE-2026-32727: SciTokens has an Authorization Bypass via Path Traversal in Scope Validation
The Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot (..) in the scope claim of a token to escape the intended directory restriction. This occurs because the library normalizes both the authorized path (from the token) and the requested path (from the application) before comparing them using startswith.
References
- github.com/advisories/GHSA-3x2w-63fp-3qvw
- github.com/scitokens/scitokens
- github.com/scitokens/scitokens/commit/2d1cc9e42bc944fe0bbc429b85d166e7156d53f9
- github.com/scitokens/scitokens/pull/230
- github.com/scitokens/scitokens/releases/tag/v1.9.7
- github.com/scitokens/scitokens/security/advisories/GHSA-3x2w-63fp-3qvw
- nvd.nist.gov/vuln/detail/CVE-2026-32727
Code Behaviors & Features
Detect and mitigate CVE-2026-32727 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →