51 matches found
CVE-2026-47201 authentik: XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user
authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed...
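The wrapping class of bug named in the authentik entry above comes down to one mistake: the service provider verifies a signature over one Assertion but consumes a different one. The following added example (not authentik's code, and not a complete SAML validator: the cryptographic check of SignatureValue is assumed to run separately) shows the vulnerable "first Assertion wins" extraction next to a hardened version that binds the consumed Assertion to the element the Signature's Reference actually covers. The SAML responses, IDs, NameIDs and the `SamlRejected` exception are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces used by SAML 2.0 responses and XML Digital Signature.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


class SamlRejected(Exception):
    """Raised when the response structure fails the signature-wrapping checks."""


def extract_nameid_naive(xml: str) -> str:
    """Vulnerable pattern: take the first Assertion in document order and trust it
    because *some* Signature in the document verifies. XSW abuses exactly this."""
    root = ET.fromstring(xml)
    assertion = root.find(".//saml:Assertion", NS)
    return assertion.find("saml:Subject/saml:NameID", NS).text


def extract_nameid_hardened(xml: str) -> str:
    """Only consume the Assertion that the (single, enveloped) Signature covers.
    Cryptographic verification of SignatureValue is assumed to happen elsewhere."""
    root = ET.fromstring(xml)

    # 1. Exactly one Assertion: a second one is never legitimate for this flow.
    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1:
        raise SamlRejected(f"expected exactly one Assertion, found {len(assertions)}")
    assertion = assertions[0]
    assertion_id = assertion.get("ID")
    if not assertion_id:
        raise SamlRejected("Assertion has no ID")

    # 2. IDs must be unique, otherwise "#id" may resolve to the wrong node.
    ids = [e.get("ID") for e in root.iter() if e.get("ID") is not None]
    if len(ids) != len(set(ids)):
        raise SamlRejected("duplicate ID attributes")

    # 3. Exactly one Signature, enveloped directly inside the Assertion we use.
    signatures = root.findall(".//ds:Signature", NS)
    if len(signatures) != 1:
        raise SamlRejected(f"expected exactly one Signature, found {len(signatures)}")
    signature = signatures[0]
    if assertion.find("ds:Signature", NS) is not signature:
        raise SamlRejected("Signature is not a direct child of the consumed Assertion")

    # 4. The Reference URI must point at this very Assertion.
    reference = signature.find("ds:SignedInfo/ds:Reference", NS)
    uri = reference.get("URI", "") if reference is not None else ""
    if uri != "#" + assertion_id:
        raise SamlRejected(f"Reference {uri!r} does not cover Assertion {assertion_id!r}")

    return assertion.find("saml:Subject/saml:NameID", NS).text


def rejects(xml: str) -> bool:
    """True if the hardened extractor refuses the response."""
    try:
        extract_nameid_hardened(xml)
    except SamlRejected:
        return True
    return False


# Constructed sample: one Assertion with an enveloped Signature referencing its
# own ID. The SignatureValue is a placeholder, not a real signature.
LEGIT_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1">
  <saml:Assertion ID="_a1">
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>cGxhY2Vob2xkZXI=</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject><saml:NameID>alice@idp.example</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed wrapping attack: the attacker holds a validly signed assertion for
# their own upstream account (alice), keeps it byte-for-byte intact so the
# signature still verifies, and prepends an unsigned Assertion naming the victim.
WRAPPED_RESPONSE = LEGIT_RESPONSE.replace(
    '<saml:Assertion ID="_a1">',
    '<saml:Assertion ID="_evil">\n'
    '    <saml:Subject><saml:NameID>admin@idp.example</saml:NameID></saml:Subject>\n'
    '  </saml:Assertion>\n'
    '  <saml:Assertion ID="_a1">',
    1,
)
```

Against `WRAPPED_RESPONSE` the naive extractor returns `admin@idp.example` while the signature over `_a1` still verifies; the hardened extractor stops at the Assertion count. Real validators additionally need the Reference to be resolved by a strict ID lookup rather than an XPath over the whole document, and must verify the signature before any attribute is read.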
CVE-2024-1524
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP), there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...
CVE-2024-1524
CVE-2024-1524 describes a risk when a federated IDP uses Silent Just-In-Time provisioning: if preconditions are met, a malicious actor could cause a targeted local user account to be linked to a federated IDP user they control, potentially replacing information in the local user store. The CVE is...
CVE-2024-1524 A local user can be impersonated when using federated authentication with Silent JIT Provisioning.
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP), there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...
CVE-2022-26355
Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only...
Verifiable Passkey: The Decentralized Authentication Standard
Passwordless authentication has changed the way we authenticate across websites and services. FIDO2 passkeys are one of the most widely adopted passwordless authentication standards and promise phishing resistance. However, like any other authentication system, passkeys requir...
EUVD-2021-28813
Malicious code in bioql PyPI...
EUVD-2023-3194
Malicious code in bioql PyPI...
GO-2025-3822 Authentik has insufficient check for account active status when authenticating with OAuth/SAML Sources in goauthentik.io
Authentik has insufficient check for account active status when authenticating with OAuth/SAML Sources in goauthentik.io. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...
CVE-2023-6837
Multiple WSO2 products have been identified as vulnerable to user impersonation via JIT provisioning. For this vulnerability to have any impact on your deployment, the following conditions must be met: an IDP configured for federated authentication and JIT provisioning enabled with...
FAS - Upgrade of FAS server failed with error "Unable to complete the installation"
1. Attempting to upgrade the FAS server component fails with the error below. 2. A reinstallation attempt fails with the same error. 3. Event Viewer shows the following error: Log Name: Application; Source: MsiInstaller; Event ID: 11722; Task Category: None; Level: Error; Description: Product: Citrix Federated...
Ubuntu 24.04 VDA 2411 - "Invalid Login" with FAS Enabled
Users on Ubuntu 24.04 with Citrix VDA 2411 and Federated Authentication Service (FAS) enabled experience "Invalid Login" errors during login attempts...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication through the SAML SSO implementation process which allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. Note: This is...
UBUNTU-CVE-2024-13041
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. A...
GitHub Enterprise Server security vulnerability
GitHub Enterprise Server is GitHub's self-hosted edition, delivered as a virtual appliance, which provides a scalable, easy-to-manage platform for running your own GitHub instance. A security vulnerability exists in GitHub Enterprise Server versions...
Microsoft ASP.NET Core project templates vulnerable to denial of service
A Denial of Service vulnerability exists in ASP.NET Core project templates which utilize JWT-based authentication tokens. This vulnerability allows an unauthenticated client to consume arbitrarily large amounts of server memory, potentially triggering an out-of-memory condition on the server and...
Citrix FAS - Failed to connect to Citrix Cloud
When using the Federated Authentication Service (FAS) administration console to connect a FAS server to Citrix Cloud, the following error message is shown. Error Message: "Failed to retrieve your customers, reload the page and if it still fails contact customer support."...
Multiple WSO2 products vulnerable to user impersonation via JIT provisioning
Multiple WSO2 products have been identified as vulnerable to user impersonation via JIT provisioning. For this vulnerability to have any impact on your deployment, the following conditions must be met: an IDP configured for federated authentication and JIT provisioning enabled with...
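CVE-2024-1524, the WSO2 JIT-provisioning entries (CVE-2023-6837) and GO-2025-3822 above describe two failure modes of the same source-login flow: silently attaching a federated identity to whichever local account has the same username (and overwriting its attributes), and skipping the account-active check for users who arrive via an OAuth/SAML source. The following added example (constructed for this page, not code from WSO2, authentik or any advisory) puts the vulnerable "match on username and overwrite" logic beside a hardened flow that links on the stable (issuer, subject) pair, refuses to take over a pre-existing local account, and rejects deactivated users. The `User`, `UserStore` and `ProvisioningRefused` names, the IdP identifier and all claims are hypothetical.

```python
from dataclasses import dataclass, field


class ProvisioningRefused(Exception):
    """Login refused by the hardened source-login flow."""


@dataclass
class User:
    username: str
    email: str
    is_active: bool = True
    # Links to upstream identities, keyed "idp_id:subject". A federated identity
    # may act as this user only once such a link exists.
    federated_links: set = field(default_factory=set)


@dataclass
class UserStore:
    users: dict = field(default_factory=dict)  # username -> User

    def by_link(self, link: str):
        return next((u for u in self.users.values() if link in u.federated_links), None)


def silent_jit_login_vulnerable(store: UserStore, idp_id: str, subject: str, claims: dict) -> User:
    """The pattern the advisories describe: the local account carrying the same
    username is reused and its attributes are overwritten from the IdP claims."""
    user = store.users.get(claims["username"])
    if user is None:
        user = User(username=claims["username"], email=claims["email"])
        store.users[user.username] = user
    user.email = claims["email"]  # local data replaced by an attacker-chosen claim
    user.federated_links.add(f"{idp_id}:{subject}")
    return user


def source_login_hardened(store: UserStore, idp_id: str, subject: str, claims: dict) -> User:
    """Link on the stable (issuer, subject) pair, never on a mutable username;
    never silently attach to an existing local account; refuse inactive users."""
    link = f"{idp_id}:{subject}"
    user = store.by_link(link)
    if user is None:
        if claims["username"] in store.users:
            # A local account already owns this name: demand an explicit,
            # authenticated linking step instead of silently taking it over.
            raise ProvisioningRefused(f"local account {claims['username']!r} exists; explicit linking required")
        user = User(username=claims["username"], email=claims["email"], federated_links={link})
        store.users[user.username] = user
    # The active-status check must run for source logins too (the GO-2025-3822 point).
    if not user.is_active:
        raise ProvisioningRefused(f"account {user.username!r} is deactivated")
    return user


def demo() -> dict:
    """Run the impersonation attempt against both flows and report the outcomes."""
    # Constructed scenario: attacker controls an upstream IdP account whose
    # username claim collides with the local user "alice".
    attacker_claims = {"username": "alice", "email": "attacker@evil.example"}
    results = {}

    store = UserStore({"alice": User("alice", "alice@corp.example")})
    u = silent_jit_login_vulnerable(store, "upstream-idp", "attacker-sub-123", attacker_claims)
    results["vulnerable_logged_in_as"] = u.username
    results["vulnerable_email_after"] = u.email

    store = UserStore({"alice": User("alice", "alice@corp.example")})
    try:
        source_login_hardened(store, "upstream-idp", "attacker-sub-123", attacker_claims)
        results["hardened_refused"] = False
    except ProvisioningRefused:
        results["hardened_refused"] = True
    results["hardened_email_after"] = store.users["alice"].email

    # A legitimately provisioned federated user who is later deactivated must
    # not be able to log in again through the source.
    store = UserStore()
    bob_claims = {"username": "bob", "email": "bob@corp.example"}
    bob = source_login_hardened(store, "upstream-idp", "bob-sub-9", bob_claims)
    bob.is_active = False
    try:
        source_login_hardened(store, "upstream-idp", "bob-sub-9", bob_claims)
        results["inactive_refused"] = False
    except ProvisioningRefused:
        results["inactive_refused"] = True
    return results
```

In the vulnerable flow the attacker ends up logged in as the local `alice` with her stored email replaced; the hardened flow leaves the local record untouched and refuses the login, and it also refuses the deactivated `bob` even though his federated link is valid. Whatever the product, the linking key has to be something the upstream IdP guarantees stable and unique (issuer plus subject), not a username the attacker can choose at registration time.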