4 matches found
CVE-2026-23518
Fleet is open source device management software. CVE-2026-23518 describes a JWT signature bypass in Fleet’s Windows MDM enrollment flow, where attacker-supplied tokens could be accepted without proper JWT verification, allowing enrollment of unauthorized devices under arbitrary Azure AD identitie...
CVE-2022-23555
The CVE-2022-23555 issue affects authentik, an open-source Identity Provider. A vulnerability in token handling within Invitations allows token reuse across enrollment flows, bypassing access controls when multiple enrollment flows with invitations are used. Versions prior to 2022.11.4 and 2022.1...
CVE-2022-23555 authentik vulnerable to Improper Authentication via invitation URL token reuse
authentik is an open-source Identity Provider focused on flexibility and versatility. Versions prior to 2022.11.4 and 2022.10.4 are vulnerable to Improper Authentication. Token reuse in invitation URLs leads to access control bypass via the use of a different enrollment flow than in the one...
PT-2022-16070
Name of the Vulnerable Software and Affected Versions: authentik versions prior to 2022.11.4; authentik versions prior to 2022.10.4. Description: The issue concerns token reuse in invitation URLs, leading to access control bypass via the use of a different enrollment flow than the one provided. An...