T
TraceWithin
Goauthentik

Authentik Vulnerabilities

Security vulnerability tracking for Goauthentik Authentik

Last updated: Feb 12, 2026
Total CVEs

3

Critical

0

With Exploits

1

Last 30 Days

3

Vulnerability Timeline

3 vulnerabilities discovered over time for Authentik

Severity Distribution

Critical0
0%
High3
100%
Medium0
0%
Low0
0%
AllCriticalHighMediumLow
DescriptionVendor / ProductExploit Status
CVE-2026-259228.8

An attacker can inject a harmful authentication message into the authentik identity provider, potentially allowing them to impersonate a legitimate user. This can happen if the system is configured to verify the signature of the assertion but not the response, or if it lacks proper encryption settings.

goauthentikauthentik
Theoretical
8 days agoFeb 12, 2026
CVE-2026-257487.5

This vulnerability allows an attacker to bypass authentication and gain unauthorized access to systems using the authentik identity provider when it is set up with certain reverse proxies like Traefik or Caddy. This can happen if the attacker sends a specially crafted cookie, allowing them to access resources without proper credentials, but it only affects versions prior to the specified updates.

goauthentikauthentik
Exploit Available
8 days agoFeb 12, 2026
CVE-2026-252277.2

This vulnerability allows an attacker with specific permissions to run arbitrary code on the authentik server, potentially taking control of the system. It affects versions from 2021.3.1 up to just before 2025.8.6, 2025.10.4, and 2025.12.4, and requires the attacker to have permission to view certain property mappings or policies.

goauthentikauthentik
Theoretical
8 days agoFeb 12, 2026

About Goauthentik Authentik Security

This page provides comprehensive security vulnerability tracking for Goauthentik Authentik. Our database includes all CVEs affecting this product, updated in real-time from official sources.

Each vulnerability listing includes detailed CVSS severity analysis, exploit availability status, AI-generated explanations, and direct links to official security patches and vendor advisories.

Security Recommendations

  • • Always keep Authentik updated to the latest version
  • • Subscribe to security advisories from Goauthentik
  • • Monitor this page for new vulnerabilities affecting your version
  • • Prioritize patching critical and high severity issues immediately
Subscribe to RSS Feed →View All Goauthentik Products →