📦 Authentik
by Goauthentik
🔍 What is Authentik?
Description coming soon...
🛡️ Security Overview
⚠️ Known Vulnerabilities
This vulnerability in authentik allows authenticated users with specific delegated permissions to execute arbitrary code on the authentik server container via the test endpoint. It affects authentik d...
This vulnerability in authentik allows session hijacking through Remote Access Control (RAC) tokens. An attacker who obtains a RAC token URL (e.g., via screenshare) can use it to access the same sessi...
This vulnerability allows attackers to bypass OAuth2 redirect URI validation in authentik by exploiting improper regex escaping. Attackers can register malicious domains that match the regex pattern o...
This vulnerability allows attackers to bypass password authentication in authentik by sending a malformed X-Forwarded-For header containing a non-IP address value like 'a'. This enables logging into a...
This vulnerability in authentik allows attackers to reset passwords for any user account when administrators create recovery links or send recovery URLs. Attackers can exploit insufficient token valid...
This vulnerability in authentik allows attackers to bypass SAML authentication by injecting malicious assertions before legitimate signed ones. It affects authentik instances with specific SAML Source...
This vulnerability allows deactivated users who registered via OAuth/SAML to retain partial system access in authentik. They can authorize applications if they know the application URL, despite being ...
authentik versions prior to 2024.12.4 and 2025.2.3 have a session management vulnerability when configured with database session storage. Attackers with existing sessions could maintain access even af...
This vulnerability in authentik allows attackers to obtain OAuth tokens with unauthorized scopes when using client_credentials or device_code grants. Attackers can gain access to resources beyond thei...
This vulnerability in authentik allows unauthenticated users to access sensitive API endpoints if they know specific object UUIDs. It affects authentik Identity Provider deployments, potentially expos...
This vulnerability in authentik's API-Access-Token mechanism allows attackers to escalate privileges to full admin access. Any authentik instance running vulnerable versions is affected, enabling atta...
Authentik is vulnerable to reflected Cross-Site Scripting (XSS) via JavaScript-URIs in OpenID Connect flows when using response_mode=form_post. This allows attackers to execute arbitrary JavaScript in...
This vulnerability allows attackers to bypass PKCE (Proof Key for Code Exchange) protection in authentik's OAuth2 flows. When an OAuth2 flow is initiated with a code_challenge but the attacker omits t...
This vulnerability in authentik allows attackers to spoof IP addresses by manipulating X-Forwarded-For and X-Real-IP headers. It affects authentik deployments without reverse proxies, enabling IP bypa...
This vulnerability allows deactivated service accounts in authentik to still authenticate via OAuth client credentials, bypassing account status controls. It affects authentik deployments using OAuth ...
This vulnerability in authentik allows expired invitations to remain valid for up to 5 minutes or longer during system backlog, potentially enabling unauthorized access. It affects all authentik deplo...