
authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, …

Published:

1 June 2026 at 22:00:00

Alert date:

2 June 2026 at 22:02:38

Source:

nvd.nist.gov

Identity & Access, Web Technologies

authentik, an open-source identity provider, contains a critical vulnerability that allows attackers with the ability to modify source connections to log into any account. The flaw affects versions prior to 2025.12.6, 2026.2.4, and 2026.5.1. An attacker needs access to change source connection settings and an account in one of the configured sources to exploit this vulnerability. This represents a complete authentication bypass that could compromise all user accounts in the system. The vulnerability has been patched in the specified versions.
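A version triage check for the fixed releases listed above, as an added example that is not part of the original advisory or the authentik project. It assumes each fixed version applies to its own year.month release line, that older or in-between lines have no fixed build, and that lines newer than 2026.5 include the fix; the host names and versions in the inventory are constructed.

```python
import re

# Fixed patch level per release line (year, month), from the advisory text.
FIXED = {(2025, 12): 6, (2026, 2): 4, (2026, 5): 1}

# Accepts "2026.2.4", "v2026.2.4" and pre-release tags such as "2026.5.1-rc1".
VERSION_RE = re.compile(r"^v?(\d{4})\.(\d{1,2})\.(\d+)(-[0-9A-Za-z.]+)?$")


def triage(version):
    """Classify an authentik version string as patched, affected or unknown."""
    m = VERSION_RE.match(version.strip())
    if m is None:
        return "unknown"  # e.g. a floating "latest" tag: resolve it manually
    line = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3))
    prerelease = m.group(4) is not None
    if line in FIXED:
        fixed_patch = FIXED[line]
        # A pre-release of the fixed build is conservatively treated as affected.
        if patch > fixed_patch or (patch == fixed_patch and not prerelease):
            return "patched"
        return "affected"
    if line > max(FIXED):
        return "patched"  # assumption: later release lines include the fix
    return "affected"  # assumption: no fixed build exists on this line


def needs_action(inventory):
    """Return {host: status} for every host that is not confirmed patched."""
    return {h: triage(v) for h, v in inventory.items() if triage(v) != "patched"}


# Constructed inventory: host names and versions are illustrative only.
SAMPLE = {
    "idp-prod": "2025.12.5",
    "idp-stage": "2026.2.4",
    "idp-lab": "2026.5.1-rc1",
    "idp-old": "2025.10.3",
    "idp-dev": "latest",
}

if __name__ == "__main__":
    for host, status in sorted(needs_action(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` run a tag that does not pin a version and need their actual build resolved before they can be cleared.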

Affected products:

authentik

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information originating from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
