A vulnerability classified as critical has been found in tngan samlify up to 2.12.x . Affected is an unknown function. Performing a manipulation results in xml injection. This vulnerability is identified as CVE-2026-46490 . The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.