Logto-io Logto
3 CVEs affecting Logto-io Logto. Latest disclosed: 2026-07-10. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-55789 | High | 8.5 | 2026-07-10 | Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML resp… |
CVE-2026-55370 | Medium | 6.4 | 2026-07-10 | Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOT… |
CVE-2026-54714 | Medium | 6.1 | 2026-07-10 | Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, @logto/core reflected the SAML RelayState, SAMLResponse, and action… |