The vulnerability centers on Mend.io’s implementation of the Security Assertion Markup Language (SAML) login option, a standard method for enabling Single Sign-On (SSO) authentication across various online services.