CVE-2026-47201 in authentikالمعلومات

الملخص

بحسب MITRE • 03/06/2026

authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed assertion to authenticate as another federated user. This issue has been patched in versions 2025.12.5, 2026.2.3, and 2026.5.1.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

19/05/2026

إفشاء

03/06/2026

الاعتدال

تمت الموافقة

إدخال

VDB-368032

CPE

جاهز

CWE

CWE-617 (مؤكد)

CVSS

8.5 (CNA)

EPSS

0.00063

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-47201
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-47201
CVE Details	https://www.cvedetails.com/cve/CVE-2026-47201/

التالي ▸نظرة عامة ◂ السابق

Interested in the pricing of exploits?

See the underground prices here!