380 matches found
GHSA-W26R-RMM8-9C29 vulnerabilities
Vulnerabilities for packages: authentik, authentik-fips, py3-django...
CVE-2026-6907 vulnerabilities
Vulnerabilities for packages: authentik, authentik-fips, py3-django...
SillyTavern has Authentication Bypass via SSO Header Injection
Resolution SillyTavern 1.18.0 now includes a configuration option to limit which IP addresses can authorize using SSO headers, limiting to just loopback addresses by default. A setting can be customized according to user's needs. Documentation: https://docs.sillytavern.app/administration/sso/...
GHSA-GXX6-H3G6-VWJH SillyTavern has Authentication Bypass via SSO Header Injection
Resolution SillyTavern 1.18.0 now includes a configuration option to limit which IP addresses can authorize using SSO headers, limiting to just loopback addresses by default. A setting can be customized according to user's needs. Documentation: https://docs.sillytavern.app/administration/sso/...
PT-2026-40545
Name of the Vulnerable Software and Affected Versions SillyTavern versions prior to 1.18.0 Description An authentication bypass and account takeover issue exists when Authelia or Authentik SSO is enabled. The software accepts Remote-User for Authelia and X-Authentik-Username for Authentik HTTP...
CVE-2026-41889 vulnerabilities
Vulnerabilities for packages: commercial-chainloop-backend, splunk-otel-collector, gitlab-kas, bento-fips, step-issuer, pgwatch, bento, ory-kratos, openbao, chainloop-control-plane, jitsucom-bulker, openbao-fips, dapr-fips, pgtimetable-fips, sftpgo-plugin-eventstore, spicedb, step-ca-fips,...
CVE-2026-41066 vulnerabilities
Vulnerabilities for packages: authentik-fips, open-webui, datahub-ingestion, synapse, authentik, kubeflow-pipelines-visualization-server, nemo, datadog-agent-fips, label-studio, airflow, datahub-ingestion-fips, datadog-agent...
CVE-2026-28684 vulnerabilities
Vulnerabilities for packages: authentik-fips, ggshield, superset, keep-fips, litellm, authentik, localstack, keep, kserve...
GHSA-MF9W-MJ56-HR94 vulnerabilities
Vulnerabilities for packages: authentik-fips, ggshield, superset, keep-fips, litellm, authentik, localstack, keep, kserve...
GHSA-VFMQ-68HX-4JFW vulnerabilities
Vulnerabilities for packages: authentik-fips, open-webui, datahub-ingestion, synapse, authentik, kubeflow-pipelines-visualization-server, nemo, datadog-agent-fips, label-studio, airflow, datahub-ingestion-fips, datadog-agent...
BIT-AUTHENTIK-2026-25748 authentik has a forward authentication bypass with broken cookie
authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traefik or Caddy as reverse proxy. When a malicious...
BIT-AUTHENTIK-2026-25227 authentik affected by Remote Code Execution via Context Key Injection in PropertyMapping Test Endpoint
authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...
BIT-AUTHENTIK-2025-64708 authentik invitation expiry is delayed by at least 5 minutes
authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, in previous authentik versions, invitations were considered valid regardless if they are expired or not, thus relying on background tasks to clean up expired ones. In a normal scenario this can take up to 5...
BIT-AUTHENTIK-2025-64521 authentik deactivated service accounts can authenticate to OAuth
authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating with clientid and clientsecret to an OAuth provider, authentik creates a service account for the provider. In previous authentik versions, authentication for this account was possible even...
BIT-AUTHENTIK-2025-29928 authentik's deletion of sessions did not revoke sessions when using database session storage
authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage which is a non-default setting, deleting sessions via the Web Interface or the API would not revoke the session and the session holder wou...
BIT-AUTHENTIK-2024-52289 authentik has an insecure default configuration for OAuth2 Redirect URIs
authentik is an open-source identity provider. Redirect URIs in the OAuth2 provider in authentik are checked by RegEx comparison. When no Redirect URIs are configured in a provider, authentik will automatically use the first redirecturi value received as an allowed redirect URI, without escaping...
BIT-AUTHENTIK-2024-52287 authentik performs insufficient validation of OAuth scopes
authentik is an open-source identity provider. When using the clientcredentials or devicecode OAuth grants, it was possible for an attacker to get a token from authentik with scopes that haven't been configured in authentik. authentik 2024.8.5 and 2024.10.3 fix this issue...
BIT-AUTHENTIK-2024-47077 authentik cross-provider token validation problems
authentik is an open-source identity provider. Prior to versions 2024.8.3 and 2024.6.5, access tokens issued to one application can be stolen by that application and used to impersonate the user against any other proxy provider. Also, a user can steal an access token they were legitimately issued...
BIT-AUTHENTIK-2024-47070 authentik vulnerable to password authentication bypass via X-Forwarded-For HTTP header
authentik is an open-source identity provider. A vulnerability that exists in versions prior to 2024.8.3 and 2024.6.5 allows bypassing password login by adding X-Forwarded-For header with an unparsable IP address, e.g. a. This results in a possibility of logging into any account with a known logi...
BIT-AUTHENTIK-2024-38371 Insufficient access control for OAuth2 Device Code flow in authentik
authentik is an open-source Identity Provider. Access restrictions assigned to an application were not checked when using the OAuth2 Device code flow. This could potentially allow users without the correct authorization to get OAuth tokens for an application and access it. This issue has been...