8 matches found
BIT-AUTHENTIK-2026-25227 authentik affected by Remote Code Execution via Context Key Injection in PropertyMapping Test Endpoint
authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...
CVE-2026-25227
authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...
CVE-2026-25227
authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...
CVE-2026-25227
authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...
CVE-2026-25227
CVE-2026-25227 affects the open‑source identity provider authentik. From 2021.3.1 up to before 2025.8.6, 2025.10.4, and 2025.12.4, a user with delegated permissions can execute arbitrary code inside the authentik server container via the test endpoint that previews property mappings/policies. The...
CVE-2026-25227 authentik affected by Remote Code Execution via Context Key Injection in PropertyMapping Test Endpoint
authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...
CVE-2026-25227 authentik affected by Remote Code Execution via Context Key Injection in PropertyMapping Test Endpoint
authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...
PT-2026-7892
Name of the Vulnerable Software and Affected Versions authentik versions 2021.3.1 through 2025.8.6 authentik versions 2025.10.4 authentik versions 2025.12.4 Description authentik is an open-source identity provider. When using delegated permissions, a user with the permission 'Can view Property...