SAML parser-differential auth bypass

TL;DR: When the signature verifier and the attribute extractor disagree on how to parse the same XML, the result is a full SAML auth bypass (ruby-saml CVE-2024-45409, samlify CVE-2025-47949).

Stub — to be filled in.

What it is

TODO

Preconditions / where it applies

TODO

Technique

TODO

Detection and defence

TODO

References