CNNVD-202602-2080 Information
CNNVD ID
CNNVD-202602-2080
Related CVE
- CNNVD Published: 2026-02-12
Description (Chinese)
authentik是authentik开源的一个开源身份提供应用程序。 authentik 2025.8.6之前版本、2025.10.4之前版本和2025.12.4之前版本存在数据伪造问题漏洞,该漏洞源于使用特定配置的SAML源时,攻击者可能注入恶意断言。
Description (English)
Authentik is an open source identity to provide an application. There is a data-false loophole in previous versions of authentik 2025.8.6, before 2025.10.4 and before 2025.12.4, which stems from the use of a specific configuration of SAML sources, which may inject malicious assertions by the attackers.
Vulnerability Type
数据伪造问题
Affected Vendor
authentik
Published
2026-02-12
Last Modified
2026-02-24
References
https://github.com/goauthentik/authentik/releases/tag/version%2F2025.10.4 https://github.com/goauthentik/authentik/releases/tag/version%2F2025.12.4 https://github.com/goauthentik/authentik/releases/tag/version%2F2025.8.6 https://github.com/goauthentik/authentik/security/advisories/GHSA-jh35-c4cc-wjm4
Patch
https://github.com/goauthentik/authentik/releases
Share on: