Package impact

golang Go / goauthentik.io

| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-47201 | high | 8.5 | 8.5 | | | | 5d ago | authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstre… |
| CVE-2025-64708 | unknown | | | | | | 7mo ago | authentik's invitation expiry is delayed by at least 5 minutes in goauthentik.io |
| CVE-2025-64521 | unknown | | | | | | 7mo ago | authentik allows a deactivated Service account to authenticate to OAuth in goauthentik.io |
| CVE-2025-53942 | unknown | | | | | | 11mo ago | Authentik has insufficient check for account active status when authenticating with OAuth/SAML Sources in goauthentik.io |
| CVE-2024-42490 | unknown | | | | | | 2y ago | GoAuthentik vulnerable to Insufficient Authorization for several API endpoints in goauthentik.io |
| CVE-2024-23647 | unknown | | | | | | 2y ago | Authentik vulnerable to PKCE downgrade attack in goauthentik.io |