CNNVD-202602-2083 Information
Feb 12, 2026
cve
CNNVD ID
CNNVD-202602-2083
Related CVE
- CNNVD Published: 2026-02-12
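Description (translated from Chinese)
authentik is an open source identity provider application from authentik. Versions of authentik before 2025.10.4 and before 2025.12.4 contain an authorization issue vulnerability. The vulnerability stems from the possibility of bypassing authentication when a malformed cookie is used, which may allow an attacker to gain access.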
Description (English)
authentik is an open source identity provider application. Versions of authentik before 2025.10.4 and before 2025.12.4 contain an authorization vulnerability: authentication can be bypassed when a malformed cookie is used, which could allow an attacker to gain access.
Vulnerability Type
Authorization issue
Affected Vendor
authentik
Published
2026-02-12
Last Modified
2026-02-24
References
https://github.com/goauthentik/authentik/releases/tag/version%2F2025.10.4
https://github.com/goauthentik/authentik/releases/tag/version%2F2025.12.4
https://github.com/goauthentik/authentik/security/advisories/GHSA-fj56-5763-j8pp
Patch
https://github.com/goauthentik/authentik/releases