Logto-io Logto

3 CVEs affecting Logto-io Logto. Latest disclosed: 2026-07-10. Critical: 0, High: 1.

Top CVEs affecting Logto-io Logto
CVESeverityScorePublishedSummary
CVE-2026-55789High8.52026-07-10Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML resp…
CVE-2026-55370Medium6.42026-07-10Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's existing TOTP verification accepted a successfully used TOT…
CVE-2026-54714Medium6.12026-07-10Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, @logto/core reflected the SAML RelayState, SAMLResponse, and action…