{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32725", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-13T15:02:00.625Z", "datePublished": "2026-03-31T17:01:46.776Z", "dateUpdated": "2026-03-31T17:01:46.776Z"}, "containers": {"cna": {"title": "SciTokens C++: Relative Path Traversal Vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-23", "lang": "en", "description": "CWE-23: Relative Path Traversal", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/scitokens/scitokens-cpp/security/advisories/GHSA-rqcx-mc9w-pjxp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/scitokens/scitokens-cpp/security/advisories/GHSA-rqcx-mc9w-pjxp"}, {"name": "https://github.com/scitokens/scitokens-cpp/commit/7951ed809967d88c00c20de414b1ff74df8c3e08", "tags": ["x_refsource_MISC"], "url": "https://github.com/scitokens/scitokens-cpp/commit/7951ed809967d88c00c20de414b1ff74df8c3e08"}], "affected": [{"vendor": "scitokens", "product": "scitokens-cpp", "versions": [{"version": "< 1.4.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T17:01:46.776Z"}, "descriptions": [{"lang": "en", "value": "SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses \"..\" path components instead of rejecting them. As a result, an attacker can use parent-directory traversal in the scope claim to broaden the effective authorization beyond the intended directory. This issue has been patched in version 1.4.1."}], "source": {"advisory": "GHSA-rqcx-mc9w-pjxp", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses \"..\" path components instead of rejecting them. As a result, an attacker can use parent-directory traversal in the scope claim to broaden the effective authorization beyond the intended directory. This issue has been patched in version 1.4.1."}], "id": "CVE-2026-32725", "lastModified": "2026-03-31T18:16:50.837", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-31T18:16:50.837", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/scitokens/scitokens-cpp/commit/7951ed809967d88c00c20de414b1ff74df8c3e08"}, {"source": "security-advisories@github.com", "url": "https://github.com/scitokens/scitokens-cpp/security/advisories/GHSA-rqcx-mc9w-pjxp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-23"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.4.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "scitokens-cpp", "source": "cna", "vendor": "scitokens"}, "product": "scitokens-cpp", "vendor": "scitokens"}], "analysis": {"en": {"generated_at": "2026-03-31T18:21:27.594778+00:00", "value": {"mitigation_remediation": ["Update scitokens\u2011cpp to version\u202f1.4.1 or later, which removes the collapsing of '..' path components and properly rejects them.", "If an immediate upgrade is not feasible, configure the application to reject any token that includes '..' in the scope path or otherwise validate that the resolved path does not escape the intended directory."], "summary": {"action": "Immediate Patch", "impact": "Authorization bypass via relative path traversal"}, "threat_synthesis": {"affected_systems": "All installations of the scitokens\u2011cpp library below version\u202f1.4.1, regardless of the runtime environment.", "description_and_impact": "SciTokens C++ is a lightweight library for handling SciTokens in C/C++. A flaw in versions prior to 1.4.1 allows an attacker who can craft or supply a token to normalise the scope path by collapsing parent\u2011directory references. This permits the token to reference directories outside the intended scope, thereby bypassing authorization and granting broader access than granted. The vulnerability is a classic path traversal problem, classified as CWE\u201123.", "risk_and_exploitability": "The CVSS base score is 8.3, indicating high severity. No EPSS score is available, and the vulnerability is not listed in CISA\u2019s KEV catalog. Attackers can exploit this weakness by delivering a crafted token containing parent\u2011directory references to any application that uses the vulnerable library. Successful exploitation results in unauthorized access to resources within directories that fall outside the defined permissions, effectively escalating privileges. The lack of input validation makes the flaw readily exploitable, but the attacker must have a path to inject the token."}}}}, "created": "2026-03-31T19:53:49.917897+00:00", "updated": "2026-03-31T20:37:47.653214+00:00", "vendors": ["scitokens", "scitokens$PRODUCT$scitokens-cpp"]}