CVE-2026-47229: Admidio: CSRF in SSO client `enable` action toggles SAML/OIDC clients without token validation

May 29, 2026

modules/sso/clients.php validates an adm_csrf_token on every state-changing branch except enable. The enable case loads the SAML or OIDC client by UUID, calls $client->enable($enabled), and persists the new state with no token check. Because the action is reachable via plain GET parameters, a third-party page can trick an authenticated administrator into disabling (or silently re-enabling) any configured SAML or OIDC client. Disabling an SSO client breaks every downstream relying-party application that authenticates through it.

References

github.com/Admidio/admidio/security/advisories/GHSA-xg76-5qj2-2hhv
github.com/advisories/GHSA-xg76-5qj2-2hhv
nvd.nist.gov/vuln/detail/CVE-2026-47229

Code Behaviors & Features

Detect and mitigate CVE-2026-47229 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →