Relyra (Elixir/Phoenix), SAML Authentication Bypass, CVE-2026-49454 (CRITICAL) -DC-Jun2026-697


How CVE-2026-49454 Works

Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. In versions 1.0.0 and 1.1.0, the XMLDSig trust boundary was incomplete. The core issue is that the library failed to cryptographically verify the `SignatureValue` of incoming SAML assertions before returning a successful authentication result.
Specifically, the following cryptographic validation steps were missing or bypassed:
1. Missing Public Key Verification: The `:public_key.verify` function, which should have verified the signature over the exclusive-C14N canonicalized `SignedInfo` element against the configured Identity Provider (IdP) certificate’s public key, was not performed.
2. Missing Digest Recalculation: The `DigestValue` was not recomputed over the canonicalized referenced element. Without this check, the integrity of the referenced SAML assertion data could not be confirmed.
3. Unused Canonicalization: The `canonicalize/2` function remained an unused passthrough in the signature-verification path, meaning the necessary canonicalization step for proper XML signature validation was effectively skipped.
The consequence of these omissions was a “structure-only acceptance path.” The library would accept a SAML response on the basis of its document shape and trust source alone, succeeding without ever proving the cryptographic validity of the signature bytes. As a result, an attacker could forge a `SignatureValue` alongside an attacker-controlled NameID, and the library would accept the response as {:ok}. Any relying-party application using the vulnerable versions could be logged into as an arbitrary user.
The vulnerability is fixed in version 1.2.0, which implements proper cryptographic validation.

DailyCVE Form

Platform: Elixir/Phoenix
Version: 1.0.0, 1.1.0
Vulnerability: Authentication Bypass
Severity: CRITICAL (CVSS 9.1)
Date: 2026-06-18

Prediction: 2026-06-25 (estimate)

What Undercode Says

Based on an analysis of the vulnerability and the fix, the following technical details and remediation steps are critical:

Analytics:

  • Root Cause Analysis: The incomplete XMLDSig implementation allowed a structure-only acceptance path, in which the document-shape and trust-source checks could succeed without the signature bytes ever being proven.
  • Affected Functionality: The core SAML response verification logic in `verify/4` and `verify_metadata_root/4` was vulnerable.
  • Fix Verification: The patch introduces real exclusive-C14N canonicalization, `:public_key.verify` against the IdP certificate, and a constant-time `DigestValue` recompute/compare.
  • Regression Tests: The fix is validated by regression proofs in `test/security/xml/adversarial_crypto_test.exs`, `test/relyra/metadata/auto_refresh_test.exs`, and `test/security/ci_gate_integrity_test.exs`.

Bash commands and codes related to the blog

# Check your current Relyra version in a mix project
mix deps | grep relyra
# Or check mix.lock directly
grep "relyra" mix.lock

# To update to the patched version (1.2.0 or later), edit the dependency in your mix.exs:
#   {:relyra, "~> 1.2"}
# Then fetch and compile the new version
mix deps.update relyra
mix deps.compile relyra

Example of the vulnerable verification path (pseudo-logic):
In versions <= 1.1.0, the signature check was incomplete; the library would return {:ok} without proper cryptographic verification.

Patched verification in 1.2.0 includes:
1. `:public_key.verify` over the exclusive-C14N canonicalized `SignedInfo`
2. Recomputing `DigestValue` over the canonicalized referenced element
3. Constant-time comparison of `DigestValue`
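As an added example (not Relyra's code; its `canonicalize/1`, `signed_info/1` and regex-based field lookups are stand-ins for real exclusive C14N and XML parsing), the following Elixir module puts the structure-only acceptance path described in "How CVE-2026-49454 Works" beside the three checks listed above for the 1.2.0 fix. `demo/0` returns a map showing the legitimate response accepted by both paths and the forged response accepted only by the structure-only one.

```elixir
defmodule SamlVerifyExample do
  # Placeholder for exclusive C14N (real canonicalization is far more involved): it only
  # normalises whitespace between elements so digest and signature inputs are stable.
  def canonicalize(xml), do: xml |> String.replace(~r/>\s+</, "><") |> String.trim()

  # Structure-only acceptance, the shape of Relyra <= 1.1.0: every field is present,
  # so the response is accepted without the signature bytes ever being checked.
  def verify_structure_only(%{signed_info: si, signature_value: sv, assertion: a}, _idp_pub)
      when is_binary(si) and is_binary(sv) and is_binary(a),
      do: {:ok, name_id(a)}

  # Checked path, the shape of the 1.2.0 fix: recompute DigestValue over the canonicalized
  # referenced element, compare in constant time, then verify SignatureValue over the
  # canonicalized SignedInfo with the IdP public key (hash_equals/2 needs OTP 25+).
  def verify(%{signed_info: si, signature_value: sv, assertion: a}, idp_pub) do
    digest = :crypto.hash(:sha256, canonicalize(a))
    cond do
      not :crypto.hash_equals(digest, digest_value(si)) -> {:error, :digest_mismatch}
      not :public_key.verify(canonicalize(si), :sha256, sv, idp_pub) -> {:error, :bad_signature}
      true -> {:ok, name_id(a)}
    end
  end

  # Regex lookups stand in for XML parsing of the constructed SignedInfo and Assertion.
  def digest_value(si), do: Regex.run(~r/<DigestValue>([^<]+)</, si) |> Enum.at(1) |> Base.decode64!()
  def name_id(a), do: Regex.run(~r/<NameID>([^<]+)</, a) |> Enum.at(1)

  def signed_info(assertion) do
    digest = Base.encode64(:crypto.hash(:sha256, canonicalize(assertion)))
    "<SignedInfo><DigestValue>#{digest}</DigestValue></SignedInfo>"
  end

  # Constructed IdP key and two responses: a legitimate one for "alice", and a forged one
  # whose SignedInfo matches the attacker-chosen NameID but whose SignatureValue is random.
  def demo do
    priv = :public_key.generate_key({:rsa, 2048, 65537})
    {:RSAPrivateKey, _, n, e, _, _, _, _, _, _, _} = priv
    idp_pub = {:RSAPublicKey, n, e}
    good = "<Assertion>\n  <NameID>alice</NameID>\n</Assertion>"
    legit = %{signed_info: signed_info(good), assertion: good,
              signature_value: :public_key.sign(canonicalize(signed_info(good)), :sha256, priv)}
    bad = "<Assertion><NameID>admin</NameID></Assertion>"
    forged = %{signed_info: signed_info(bad), assertion: bad,
               signature_value: :crypto.strong_rand_bytes(256)}
    %{legit_structure_only: verify_structure_only(legit, idp_pub),
      legit_checked: verify(legit, idp_pub),
      forged_structure_only: verify_structure_only(forged, idp_pub),
      forged_checked: verify(forged, idp_pub)}
  end
end
```

Run `SamlVerifyExample.demo()` in `iex`; the forged response is accepted as {:ok, "admin"} by the structure-only path and rejected with {:error, :bad_signature} by the checked path, because its digest is self-consistent but its signature was never produced by the IdP key.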

How It Is Exploited

An attacker could exploit this vulnerability by performing the following steps:
1. Craft a Forged SAML Response: The attacker creates a malicious SAML response containing an attacker-controlled NameID.
2. Forge the SignatureValue: Since the library does not cryptographically verify the SignatureValue, the attacker can provide a forged signature that passes the structure-only acceptance path.
3. Send the Response to the Relyra Application: The attacker sends the crafted SAML response to the vulnerable Relyra-based application.
4. Bypass Authentication: The application, using Relyra 1.0.0 or 1.1.0, accepts the forged response as {:ok}. This grants the attacker unauthorized access, effectively allowing them to log in as any user they choose.
The attack vector is remote, requires no authentication, and has a low attack complexity, making it highly dangerous.

Protection

  • Immediate Action: Upgrade Relyra to version 1.2.0 or later immediately. There is no safe configuration for versions 1.0.0 or 1.1.0.
  • Verify Patch: After upgrading, ensure that your application’s SAML response verification now includes cryptographic signature validation. The patch introduces `:public_key.verify` and proper `DigestValue` recomputation.
  • Network Restrictions: As a supplementary measure, consider applying network restrictions to limit reachable IdP endpoints.
  • Monitor Logs: Monitor authentication logs for any potential bypass attempts, especially if an immediate upgrade is not possible.

Impact

  • Authentication Bypass: An attacker can bypass the entire SAML authentication process.
  • Account Takeover: Any relying-party application using Relyra 1.0.0 or 1.1.0 can be logged into as an arbitrary user.
  • Unauthorized Access: This leads to unauthorized access to resources protected by the application.
  • Confidentiality and Integrity Impact: The CVSS score of 9.1 (Critical) reflects a high impact on both confidentiality and integrity.

Sources:

Reported By: github.com