Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-49443 |
|
Authentication Bypass in authentik (CVE-2026-49443)
authentication bypass in authentik (CVE-2026-49443). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2025.12.6, 2026.2.4, 2026.5.1` or later.
|
| CVE-2026-49448 |
|
Authentication Bypass in authentik (CVE-2026-49448)
authentication bypass in authentik (CVE-2026-49448). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `2025.12.6, 2026.2.4, 2026.5.1` or later.
|
| CVE-2026-41569 |
|
Open Redirect in authentik (CVE-2026-41569)
vulnerability in authentik (CVE-2026-41569). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2026.2.3` or later.
|
| CVE-2026-42849 |
|
Cross-Site Scripting (XSS) in authentik (CVE-2026-42849)
cross-site scripting in authentik (CVE-2026-42849). Confidential information can be exposed externally. Mitigation: upgrade to `2025.12.5, 2026.2.3` or later.
|
| CVE-2026-41577 |
|
Vulnerability in authentik (CVE-2026-41577)
vulnerability in authentik (CVE-2026-41577). Data can be tampered with by attackers. Mitigation: upgrade to `2025.12.5, 2026.2.3` or later.
|
| CVE-2026-47201 |
|
Vulnerability in goauthentik.io (CVE-2026-47201)
vulnerability in goauthentik.io (CVE-2026-47201). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.0.0-20260528144335-a370d76d23c7` or later.
|