Goauthentik Security Vulnerabilities (CVEs)
Track 16 security vulnerabilities affecting Goauthentik products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability in authentik allows attackers to bypass SAML authentication by injecting malicious assertions before legitimate signed ones. It aff...
Feb 12, 2026This vulnerability in authentik allows authenticated users with specific delegated permissions to execute arbitrary code on the authentik server conta...
Feb 12, 2026This vulnerability allows deactivated service accounts in authentik to still authenticate via OAuth client credentials, bypassing account status contr...
Nov 19, 2025This vulnerability in authentik allows expired invitations to remain valid for up to 5 minutes or longer during system backlog, potentially enabling u...
Nov 19, 2025This vulnerability allows deactivated users who registered via OAuth/SAML to retain partial system access in authentik. They can authorize application...
Jul 23, 2025This vulnerability in authentik allows session hijacking through Remote Access Control (RAC) tokens. An attacker who obtains a RAC token URL (e.g., vi...
Jun 27, 2025authentik versions prior to 2024.12.4 and 2025.2.3 have a session management vulnerability when configured with database session storage. Attackers wi...
Mar 28, 2025This vulnerability allows attackers to bypass OAuth2 redirect URI validation in authentik by exploiting improper regex escaping. Attackers can registe...
Nov 21, 2024This vulnerability in authentik allows attackers to obtain OAuth tokens with unauthorized scopes when using client_credentials or device_code grants. ...
Nov 21, 2024This vulnerability allows attackers to bypass password authentication in authentik by sending a malformed X-Forwarded-For header containing a non-IP a...
Sep 27, 2024This vulnerability in authentik allows unauthenticated users to access sensitive API endpoints if they know specific object UUIDs. It affects authenti...
Aug 22, 2024This vulnerability in authentik's API-Access-Token mechanism allows attackers to escalate privileges to full admin access. Any authentik instance runn...
Jun 28, 2024Authentik is vulnerable to reflected Cross-Site Scripting (XSS) via JavaScript-URIs in OpenID Connect flows when using response_mode=form_post. This a...
Jan 11, 2024This vulnerability allows attackers to bypass PKCE (Proof Key for Code Exchange) protection in authentik's OAuth2 flows. When an OAuth2 flow is initia...
Nov 21, 2023This vulnerability in authentik allows attackers to spoof IP addresses by manipulating X-Forwarded-For and X-Real-IP headers. It affects authentik dep...
Jul 6, 2023This vulnerability in authentik allows attackers to reset passwords for any user account when administrators create recovery links or send recovery UR...
Mar 4, 2023Why Monitor Goauthentik Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 16+ known vulnerabilities affecting Goauthentik products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Goauthentik packages in under 60 seconds. No agents required - completely agentless scanning that works across Goauthentik deployments.
Free vulnerability database: Access detailed information about every Goauthentik CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Goauthentik CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
