A vulnerability was found in logto-io logto up to 1.40.x. It has been declared as problematic. This vulnerability affects unknown code of the file packages/core/src/saml-application/SamlApplication/utils.ts of the component SamlApplication. Such manipulation of the argument RelayState/SAMLResponse/actionurl leads to cross site scripting.
This vulnerability is referenced as CVE-2026-54714. It is possible to launch the attack remotely. No exploit is available.