


Perceptive Security
SOC/SIEM Consultancy

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE (Simple Flow Executor) i…
Published:
1 June 2026 at 22:00:00
Alert date:
2 June 2026 at 22:02:38
Source:
nvd.nist.gov
Identity & Access, Web Technologies
authentik, an open-source identity provider, contains a Cross-Site Scripting (XSS) vulnerability in the AutosubmitStage component of the Simple Flow Executor (SFE). The vulnerability affects versions prior to 2025.12.5 and 2026.2.3 and was introduced by a change made to improve compatibility with legacy browsers. The XSS can be triggered through the AutosubmitStage implementation. The vulnerability has been patched in versions 2025.12.5 and 2026.2.3.
Technical details
Mitigation steps:
Affected products:
authentik
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-42849
https://github.com/goauthentik/authentik/security/advisories/GHSA-pgff-5mx8-fqj3
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
