4 matches found
BIT-AUTHENTIK-2025-64521 authentik deactivated service accounts can authenticate to OAuth
authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating with clientid and clientsecret to an OAuth provider, authentik creates a service account for the provider. In previous authentik versions, authentication for this account was possible even...
GHSA-9G4J-V8W5-7X42 Authentik has insufficient check for account active status when authenticating with OAuth/SAML Sources
Summary: Deactivated users that had either enrolled via OAuth/SAML or had their account connected to an OAuth/SAML account can still partially access authentik even if their account is deactivated. They end up in a half-authenticated state where they cannot access the API but crucially they can...
CVE-2025-49006
Wasp Web Application Specification is a Rails-like framework for React, Node.js, and Prisma. Prior to version 0.16.6, Wasp authentication has a vulnerability in the OAuth authentication implementation affecting only Keycloak with a specific config. Wasp currently lowercases OAuth user IDs before...
"Cannot Complete Your Request" via OAuth after Upgrading NetScaler from 12.1 to 13.0
After ADC is upgraded from 12.1 to 13.0, the user keeps getting "Cannot Complete Your Request" when attempting to access resources through ADC with OAuth authentication. As a comparison, there is no issue accessing StoreFront directly in the intranet without OAuth...