Lucene search
K

380 matches found

Cvelist
Cvelist
added 2026/06/02 8:31 p.m.48 views

CVE-2026-49443 authentik: `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API

authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions 2025.12.6, 2026.2.4, an...

8.8CVSS0.00298EPSS
Exploits1References1
CVE
CVE
added 2026/06/02 8:31 p.m.51 views

CVE-2026-49443

This CVE affects authentik, an open-source identity provider. Affected: UserSourceConnection.user and GroupSourceConnection.group are changeable via the API, allowing an attacker who can modify a source connection and possesses an account in one configured source to log into any account. Root cau...

8.8CVSS5.7AI score0.00298EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/06/02 8:30 p.m.28 views

CVE-2026-47201

The CVE-2026-47201 entry affects authentik’s SAML Source ACS endpoint, where XML Signature Wrapping can allow an attacker with any upstream-IdP account to authenticate as a different federated user. The issue arises during validation of upstream SAML responses and has been patched in authentik ve...

8.5CVSS5.8AI score0.00162EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/02 8:30 p.m.8 views

CVE-2026-47201 authentik: XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user

authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed...

8.5CVSS5.8AI score0.00162EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 8:30 p.m.11 views

EUVD-2026-34027

authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed...

8.5CVSS5.8AI score0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 8:30 p.m.34 views

CVE-2026-47201 authentik: XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user

authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed...

8.5CVSS0.00162EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 8:30 p.m.11 views

CVE-2026-47201

authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed...

8.5CVSS5.8AI score0.00162EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/02 8:30 p.m.36 views

CVE-2026-42849

The CVE-2026-42849 entryffects authentik, an open-source identity provider. Affected component: SFE (Simple Flow Executor) autosubmit stage, where legacy-browser compatibility logic enabled a reflected XSS. Root cause: XSS in AutosubmitStage enables an attacker to potentially take over an IDP acc...

9.3CVSS5.7AI score0.00318EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/02 8:30 p.m.34 views

CVE-2026-42849 authentik: Reflected XSS in SFE AutosubmitStage allows IDP account takeover

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE Simple Flow Executor in order to make the interface more compatible with legacy browsers, it was possible to use an XSS exploit in the AutosubmitStage. This issu...

9.3CVSS0.00318EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 8:30 p.m.12 views

CVE-2026-42849 authentik: Reflected XSS in SFE AutosubmitStage allows IDP account takeover

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE Simple Flow Executor in order to make the interface more compatible with legacy browsers, it was possible to use an XSS exploit in the AutosubmitStage. This issu...

9.3CVSS5.7AI score0.00318EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 8:30 p.m.38 views

CVE-2026-41569 authentik: WS-Federation wreply origin bypass can exfiltrate signed login responses to attacker-controlled endpoints

authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...

6.9CVSS0.00182EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 8:30 p.m.10 views

EUVD-2026-34025

authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...

6.9CVSS5.8AI score0.00182EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 8:30 p.m.26 views

CVE-2026-41569

CVE-2026-41569 concerns authentik, an open-source identity provider. Before 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter with a raw string prefix check instead of proper URL parsing, enabling an attacker to craft a login link with a wreply on a different origi...

6.9CVSS5.8AI score0.00182EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/02 8:30 p.m.16 views

CVE-2026-41569 authentik: WS-Federation wreply origin bypass can exfiltrate signed login responses to attacker-controlled endpoints

authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter using a raw string prefix check rather than proper URL parsing. An attacker who can craft a login link can supply a wreply value on a different origin...

6.9CVSS5.8AI score0.00182EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 8:16 p.m.17 views

CVE-2026-41577

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor ResponseProcessor.parse does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expir...

7.5CVSS0.00169EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 5:12 p.m.11 views

EUVD-2026-33987

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor ResponseProcessor.parse does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expir...

6.9CVSS5.7AI score0.00169EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 5:12 p.m.18 views

CVE-2026-41577

CVE-2026-41577 affects the open‑source identity provider authentik. The SAML source response processor (ResponseProcessor.parse()) does not validate the Conditions element on assertions prior to versions 2025.12.5 and 2026.2.3. Specifically, NotBefore, NotOnOrAfter, and AudienceRestriction are ig...

7.5CVSS5.7AI score0.00169EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/02 5:12 p.m.14 views

CVE-2026-41577 authentik: SAML source does not validate Conditions, timing, or audience on assertions

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor ResponseProcessor.parse does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expir...

6.9CVSS5.7AI score0.00169EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/02 4:2 a.m.14 views

CVE-2026-44649

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern accepts Remote-User Authelia and X-Authentik-Username Authentik HTTP headers to...

9.8CVSS5.8AI score0.00218EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-45855

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.5 authentik versions prior to 2026.2.3 Description An issue exists in the Simple Flow Executor SFE, which is a component used to manage the sequence of steps in an authentication flow. Due to the...

9.3CVSS5.6AI score0.00318EPSS
Exploits0References7
Rows per page
Query Builder