EIP-2026-106596
PRE-CVE
Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation
Title source: legacy
Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-106596. PoCs published by Cristian 'void' Giustini.
AI-analyzed exploit summary
This exploit demonstrates a privilege escalation vulnerability in the Drupal Module MiniorangeSAML 8.x-2.22 via XML Signature Wrapping. It involves intercepting a SAML response and injecting a malicious assertion to escalate user privileges.
Description
Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation
Exploits (1)
exploitdb
WORKING POC
by Cristian 'void' Giustini · text · webapps · php
https://www.exploit-db.com/exploits/50361
Classification
Working PoC 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target:
Drupal Module MiniorangeSAML 8.x-2.22
Auth required
Prerequisites:
Configured MiniorangeSAML with 'Either SAML response or SAML assertion must be signed' and empty 'x509 certificate' · Intercepting proxy like Burp Suite
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Details
Status
pre_cve
Tracked Since
Feb 18, 2026