goauthentik Latest High & Critical Vulnerabilities
Latest High & Critical vulnerabilities published by goauthentik
Bypass Vulnerability in Authentik Identity Provider by GoAuthentik
| CVE | Vendor | Product | CVSS | Severity | Title |
|---|---|---|---|---|---|
| CVE-2026-49448 | Goauthentik | Authentik | 9.8 | CRITICAL | Authentication Bypass Vulnerability in Authentik Identity Provider |
| CVE-2026-49443 | Goauthentik | Authentik | 8.8 | HIGH | XML Signature Wrapping Vulnerability in Authentik Open-Source Identity Provider |
| CVE-2026-47201 | Goauthentik | Authentik | 8.5 | HIGH | XSS Vulnerability in Authentik Identity Provider by GoAuthentik |
| CVE-2026-42849 | Goauthentik | Authentik | 9.3 | CRITICAL | Open-source Identity Provider Privilege Escalation Vulnerability in Authentik |
| CVE-2026-40172 | Goauthentik | Authentik | 8.1 | HIGH | Information Exposure in Authentik Open-Source Identity Provider |
| CVE-2026-40166 | Goauthentik | Authentik | 7.1 | HIGH | Authentication Bypass Vulnerability in Authentik Identity Provider by GoAuthentik |
| CVE-2026-40165 | Goauthentik | Authentik | 8.7 | HIGH | SAML Assertion Vulnerability in authentik Identity Provider |
| CVE-2026-25922 | Goauthentik | Authentik | 8.8 | HIGH | Authentication Bypass in Authentik Due to Malformed Cookie with Traefik or Caddy |
| CVE-2026-25748 | Goauthentik | Authentik | 8.6 | HIGH | Arbitrary Code Execution Vulnerability in Authentik Identity Provider by GoAuthentik |
| CVE-2026-25227 | Goauthentik | Authentik | 9.1 | CRITICAL | OAuth/SAML Vulnerability in authentik Identity Provider |
| CVE-2025-53942 | Goauthentik | Authentik | 7.1 | HIGH | Session Management Flaw in Authentik Identity Provider |
| CVE-2025-29928 | Goauthentik | Authentik | 8 | HIGH | authentik fixed vulnerability in OAuth2 provider allowing malicious redirect URIs |
| CVE-2024-52289 | Goauthentik | Authentik | 7.9 | HIGH | OAuth2 Device Code Flow Vulnerability |
| CVE-2024-38371 | Goauthentik | Authentik | 8.6 | HIGH | Authentik API-Access-Token Vulnerability Allows for Admin User Privileges Exploit |
| CVE-2024-37905 | Goauthentik | Authentik | 8.8 | HIGH | XSS in Authentik via JavaScript-URI as Redirect URI and form_post Response Mode |
| CVE-2024-21637 | Goauthentik | Authentik | 7.7 | HIGH | Authentik Fixes Issue with Token Requests |
| CVE-2023-48228 | goauthentik | authentik | 9.8 | CRITICAL | authentik potential installation takeover when default admin user is deleted |
| CVE-2023-46249 | Goauthentik | Authentik | 9.7 | CRITICAL | Authentik lacks Proxy IP headers validation |
| CVE-2023-36456 | Goauthentik | Authentik | 8.3 | HIGH | Insufficient user check in FlowTokens by Email stage |
| CVE-2023-26481 | Goauthentik | Authentik | 9.1 | CRITICAL | authentik vulnerable to Improper Authentication via invitation URL token reuse |
| CVE-2022-23555 | Goauthentik | Authentik | 9.4 | CRITICAL | authentik vulnerable to unauthorized user creation and potential account takeover |
| CVE-2022-46145 | Goauthentik | Authentik | 8.1 | HIGH | |