
SAML parser flaws and assertion bypasses: what IAM teams need to know


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 2364
Topic starter  

TL;DR: A string of high-severity SAML flaws across Citrix NetScaler, authentik, OneUptime, and Cisco Secure Firewall shows how XML parsing, signature handling, and edge-device exposure continue to create authentication bypass and denial-of-service risk, according to WorkOS. The protocol's fragility means SSO controls must now be treated as a living attack surface, not a settled integration layer.

NHIMG editorial — based on content published by WorkOS: SAML's rough quarter: five critical vulnerabilities in four months

By the numbers:

Questions worth separating out

Q: What breaks when SAML signature verification and assertion processing are separated?

A: When verification and identity extraction use different code paths, an attacker can feed one parser a valid signature and another parser a forged assertion.

Q: Why do SAML vulnerabilities keep appearing in enterprise identity stacks?

A: SAML depends on XML canonicalization, namespaces, parser behaviour, and signature handling, which creates many opportunities for implementation mismatch.

Q: How do security teams reduce risk from SAML-enabled appliances?

A: Treat SAML-capable edge appliances as high-impact identity infrastructure, not generic network gear.

Practitioner guidance

  • Patch exposed SAML edge appliances first: Prioritise NetScaler and firewall appliances that are configured as SAML identity providers or SSO endpoints, because those are reachable attack surfaces with federation-wide impact.
  • Verify that signature checks and identity extraction use the same object: Review code paths so the signed response or assertion that passes validation is the exact one used to determine the authenticated identity, with no second parser deciding the result.
  • Test malformed SAML handling under failure conditions: Send intentionally broken messages to staging endpoints and confirm that parsing errors are rejected cleanly without reloads, crashes, or silent fallback behaviour.

What's in the full report

WorkOS's full article covers the operational detail this post intentionally leaves for the source:

  • Exact version guidance for Ruby-SAML, authentik, OneUptime, Citrix NetScaler, and Cisco Secure Firewall
  • Endpoint-specific exploit behaviour, including which SAML paths were targeted and how the flaws were triggered
  • Research references from WatchTowr, Defused Cyber, PortSwigger, and CISA that support incident timing and exploitation context
  • Implementation advice for organisations deciding whether to keep SAML, harden it, or shift new integrations toward simpler federation models

👉 Read WorkOS's analysis of SAML's critical vulnerabilities across the federation stack →

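The mismatch described in the first Q&A above (signature verification and identity extraction walking different code paths) and the malformed-message check from the practitioner guidance, as an added example that is not code from the post or from WorkOS. Real XMLDSig (RSA, transforms, KeyInfo) is replaced by an HMAC over the C14N form of the element the Reference URI points at, so it runs offline on the Python standard library (3.8+); IDP_KEY, the element IDs and the NameID values are constructed for the demo.

```python
"""Toy model of a SAML signature-wrapping / parser-mismatch bypass.

Added example, not code from the forum post or from WorkOS. XMLDSig is
modelled as an HMAC over the C14N form of the referenced element so the
example runs with the standard library only. IDP_KEY and all XML values
are constructed for the demo.
"""
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

IDP_KEY = b"constructed-idp-signing-key"  # stand-in for the IdP's private key


def _tag(prefix, local):
    return "{%s}%s" % (NS[prefix], local)


def _mac(elem):
    """HMAC over the canonical form of elem with its enveloped Signature removed."""
    clean = copy.deepcopy(elem)
    sig = clean.find("ds:Signature", NS)
    if sig is not None:
        clean.remove(sig)
    canon = ET.canonicalize(ET.tostring(clean, encoding="unicode"), strip_text=True)
    return hmac.new(IDP_KEY, canon.encode(), hashlib.sha256).hexdigest()


def build_signed_response(name_id, assertion_id="_a1"):
    """IdP side: a Response holding one Assertion with an enveloped signature."""
    root = ET.Element(_tag("samlp", "Response"), ID="_r1")
    assertion = ET.SubElement(root, _tag("saml", "Assertion"), ID=assertion_id)
    subject = ET.SubElement(assertion, _tag("saml", "Subject"))
    ET.SubElement(subject, _tag("saml", "NameID")).text = name_id
    mac = _mac(assertion)
    sig = ET.SubElement(assertion, _tag("ds", "Signature"))
    ET.SubElement(sig, _tag("ds", "Reference"), URI="#" + assertion_id)
    ET.SubElement(sig, _tag("ds", "SignatureValue")).text = mac
    return ET.tostring(root)


def wrap_forged_assertion(signed_xml, forged_name_id):
    """Attacker side: keep the genuine signed Assertion byte-for-byte intact,
    park it under Extensions, and put an unsigned forged Assertion first."""
    root = ET.fromstring(signed_xml)
    genuine = root.find("saml:Assertion", NS)
    root.remove(genuine)
    forged = ET.SubElement(root, _tag("saml", "Assertion"), ID="_forged")
    subject = ET.SubElement(forged, _tag("saml", "Subject"))
    ET.SubElement(subject, _tag("saml", "NameID")).text = forged_name_id
    ET.SubElement(root, _tag("samlp", "Extensions")).append(genuine)
    return ET.tostring(root)


def verify_signature(root):
    """Return the element the signature actually covers, or None.
    Resolving the Reference URI by an ID search over the whole document is
    normal XMLDSig behaviour, and exactly what wrapping relies on."""
    sig = root.find(".//ds:Signature", NS)
    if sig is None:
        return None
    ref = sig.find("ds:Reference", NS)
    expected = sig.findtext("ds:SignatureValue", default="", namespaces=NS)
    if ref is None or not expected:
        return None
    wanted = ref.get("URI", "").lstrip("#")
    for elem in root.iter():
        if elem.get("ID") == wanted:
            return elem if hmac.compare_digest(_mac(elem), expected) else None
    return None


def vulnerable_identity(xml_bytes):
    """Verification and identity extraction use two different lookups."""
    root = ET.fromstring(xml_bytes)
    if verify_signature(root) is None:
        return None
    # BUG: reads the first Assertion in document order, not the signed one.
    return root.findtext(".//saml:Assertion/saml:Subject/saml:NameID", namespaces=NS)


def hardened_identity(xml_bytes):
    """Identity comes only from the exact element that passed verification."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError:
        return None  # malformed XML is rejected outright, no fallback path
    signed = verify_signature(root)
    if signed is None or signed.tag != _tag("saml", "Assertion"):
        return None
    # The signed Assertion must be the only Assertion anywhere in the Response
    # and a direct child of it; anything parked elsewhere fails closed.
    if root.findall(".//saml:Assertion", NS) != [signed] or signed not in list(root):
        return None
    return signed.findtext("saml:Subject/saml:NameID", namespaces=NS)


if __name__ == "__main__":
    legit = build_signed_response("alice@example.com")
    wrapped = wrap_forged_assertion(legit, "admin@example.com")
    print("vulnerable:", vulnerable_identity(wrapped))  # admin@example.com
    print("hardened:  ", hardened_identity(wrapped))    # None
```

The point to take from the two verifiers is that `verify_signature` is identical in both; the difference is whether the code that decides who the user is takes the element that verification returned, or goes back to the document and asks a second query. Replacing the HMAC with a real XMLDSig library does not change that design rule.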



   
(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 924
 

SAML's fragility is now a federation governance problem, not a niche implementation issue. These vulnerabilities span memory disclosure, assertion confusion, and denial of service, but the common thread is that SAML's XML trust model keeps producing exploitable edge cases in production systems. Identity teams should read that as a signal that federation control quality is only as strong as the parsing layer underneath it. The implication is that SSO architecture reviews must treat protocol handling as a security boundary, not a plumbing detail.

A few things that frame the scale:

A question worth separating out:

Q: Who is accountable when a SAML implementation allows impersonation or outage?

A: Accountability sits with the team that owns the federation design, the code path, and the appliance lifecycle. If the flaw is in a vendor product, operations still owns exposure management, patch timing, and blast-radius reduction. If the flaw is in custom integration code, application security and identity engineering must both answer for the trust model.

👉 Read our full editorial: SAML's brittle foundations keep producing serious security bugs



   