4 matches found
BIT-AUTHENTIK-2026-25227 authentik affected by Remote Code Execution via Context Key Injection in PropertyMapping Test Endpoint
authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...
CVE-2026-25227 authentik affected by Remote Code Execution via Context Key Injection in PropertyMapping Test Endpoint
authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...
CVE-2026-25227
CVE-2026-25227 affects the openβsource identity provider authentik. From 2021.3.1 up to before 2025.8.6, 2025.10.4, and 2025.12.4, a user with delegated permissions can execute arbitrary code inside the authentik server container via the test endpoint that previews property mappings/policies. The...
CVE-2026-25227 authentik affected by Remote Code Execution via Context Key Injection in PropertyMapping Test Endpoint
authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...