SAMLStorm: Critical Authentication Bypass Rocks Node.js Ecosystem
A zero-day vulnerability in xml-crypto and popular Node.js SAML libraries allows attackers to forge authentication responses and hijack any user account, including admin accounts, without user interaction. WorkOS patched the flaw within 24 hours, but thousands of applications remain exposed until they are updated.