saml 2

• CVE-2026-49284: ExpectedIssuer and InResponseTo binding bypass in SimpleSAMLphp Jun 11, 2026
• CVE-2026-49283: HTTP-Artifact TLS validator confusion in SimpleSAMLphp SAML2 Jun 11, 2026