CVE-2026-33245

creationtimestamp| type| source ---|---|--- 2026-06-02 21:01:39+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndiiziwpy2q 2026-06-02 23:26:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndqlviq3g23 2026-06-05 06:37:08+00:00| seen|...

CVE-2026-42211

creationtimestamp| type| source ---|---|--- 2026-06-02 21:01:25+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndiim3lfp2f 2026-06-02 23:19:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndqabi4xb2m 2026-06-04 00:40:58+00:00| seen|...

CVE-2026-49120

creationtimestamp| type| source ---|---|--- 2026-06-02 21:00:46+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndihgn75l25 2026-06-02 23:56:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndsaysdgm27...

CVE-2019-25723

creationtimestamp| type| source ---|---|--- 2026-06-02 20:59:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndifittff27...

CVE-2026-5076

creationtimestamp| type| source ---|---|--- 2026-06-02 20:57:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndibeexqb2m 2026-06-02 21:00:39+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndih7w5ct25 2026-06-03 02:06:19+00:00| seen|...

CVE-2026-35049

creationtimestamp| type| source ---|---|--- 2026-06-02 20:55:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndi5jf4732j...

CVE-2026-5073

creationtimestamp| type| source ---|---|--- 2026-06-02 20:49:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndhtf445z2f 2026-06-02 21:00:32+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndigzd4da22 2026-06-09 07:03:56+00:00| confirmed|...

CVE-2026-48595

creationtimestamp| type| source ---|---|--- 2026-06-02 20:47:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndhqfcwzz23...

CVE-2026-49448

CVE-2026-49448 affects authentik (open-source identity provider). The issue allows bypass of the Source stage by sending an empty POST, as described in both the CVE entry and CVE list. Affected versions are prior to 2025.12.6, 2026.2.4, and 2026.5.1. The vulnerability is assessed with a high impa...

CVE-2026-49448 authentik: SourceStage bypass via empty POST

authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versions 2025.12.6, 2026.2.4, and 2026.5.1...

CVE-2026-49448

authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versions 2025.12.6, 2026.2.4, and 2026.5.1...

EUVD-2026-34030

authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versions 2025.12.6, 2026.2.4, and 2026.5.1...

EUVD-2026-34028

authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions 2025.12.6, 2026.2.4, an...

CVE-2026-49443 authentik: `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API

authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions 2025.12.6, 2026.2.4, an...

CVE-2026-49443

authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions 2025.12.6, 2026.2.4, an...

CVE-2026-49443

This CVE affects authentik, an open-source identity provider. Affected: UserSourceConnection.user and GroupSourceConnection.group are changeable via the API, allowing an attacker who can modify a source connection and possesses an account in one configured source to log into any account. Root cau...

CVE-2026-49443 authentik: `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API

authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions 2025.12.6, 2026.2.4, an...

CVE-2026-47201

authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed...

CVE-2026-47201 authentik: XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user

authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed...

EUVD-2026-34026

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE Simple Flow Executor in order to make the interface more compatible with legacy browsers, it was possible to use an XSS exploit in the AutosubmitStage. This issu...