
authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. T…

Published:

1 June 2026 at 22:00:00

Alert date:

2 June 2026 at 22:02:38

Source:

nvd.nist.gov


Identity & Access

A security vulnerability in authentik, an open-source identity provider, allows bypassing the Source stage by sending an empty POST request. The vulnerability affects versions prior to 2025.12.6, 2026.2.4, and 2026.5.1. This represents an authentication bypass vulnerability that could allow unauthorized access to protected resources. The issue has been patched in the specified versions and users should update immediately.
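The fix shipped on three release lines, so a single "older than 2026.5.1" comparison would wrongly flag a patched 2025.12.x install. The following check is an added example, not code from authentik or from the advisory. It assumes versions are written `YYYY.M.P` with an optional `-suffix` pre-release tag, that lines newer than 2026.5 include the fix, and that lines with no listed fix are affected.

```python
import re

# Fixed releases named in the advisory, keyed by (year, month) release line.
FIXED = {(2025, 12): 6, (2026, 2): 4, (2026, 5): 1}


def parse_version(text):
    """Split 'YYYY.M.P[-suffix]' into (release line, patch, is_prerelease)."""
    m = re.fullmatch(r"(\d{4})\.(\d{1,2})\.(\d+)(-[0-9A-Za-z.]+)?", text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return (int(m[1]), int(m[2])), int(m[3]), m[4] is not None


def check(version):
    """Return (affected, first fixed version to move to or None)."""
    line, patch, pre = parse_version(version)
    if line in FIXED:
        fixed_patch = FIXED[line]
        # A pre-release of the fixed patch is treated as older than the fix.
        if patch > fixed_patch or (patch == fixed_patch and not pre):
            return False, None
        return True, f"{line[0]}.{line[1]}.{fixed_patch}"
    newer = sorted(l for l in FIXED if l > line)
    if not newer:
        # Assumption: lines after the newest fixed line already carry the fix.
        return False, None
    # No fix is listed for this line: point at the next line that has one.
    target = newer[0]
    return True, f"{target[0]}.{target[1]}.{FIXED[target]}"


if __name__ == "__main__":
    # Constructed sample inventory, not taken from the advisory.
    for v in ["2025.10.3", "2025.12.5", "2025.12.7", "2026.2.4", "2026.5.0"]:
        affected, target = check(v)
        print(v, "AFFECTED, upgrade to " + target if affected else "not affected")
```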


Affected products:

authentik


This article was created with the assistance of AI technology by Perceptive.
