CNNVD-202602-2078 Information

CNNVD ID

CNNVD-202602-2078

Related CVE

CVE-2026-25949

• CNNVD Published: 2026-02-12

Description (Chinese)

authentik是authentik开源的一个开源身份提供应用程序。 authentik 3.6.8之前版本存在资源管理错误漏洞，该漏洞源于处理STARTTLS请求时存在潜在漏洞，可能导致未经验证的客户端通过发送Postgres SSLRequest前导并停滞来绕过响应超时，造成拒绝服务。

Description (English)

Authentik is an open source identity to provide an application. The previous version of authentik 3.6.8 had a resource management error loophole, which stemmed from a potential loophole in the processing of STARTTLS requests, which could lead uncertified clients to circumvent response times by sending the Postgres SSLRequest pilot and stalling.

Hazard Level

Medium

Vulnerability Type

资源管理错误

Affected Vendor

authentik

Published

2026-02-12

Last Modified

2026-02-24

References

https://github.com/traefik/traefik/commit/31e566e9f1d7888ccb6fbc18bfed427203c35678 https://github.com/traefik/traefik/releases/tag/v3.6.8 https://github.com/traefik/traefik/security/advisories/GHSA-89p3-4642-cr2w https://access.redhat.com/security/cve/cve-2026-25949

Patch

https://github.com/traefik/traefik/releases