CNNVD-202602-2084 Information

CNNVD ID

CNNVD-202602-2084

CVE-2026-25227

  • CNNVD Published: 2026-02-12

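Description (translated from Chinese)

authentik is an open-source identity provider application from authentik. authentik versions before 2025.8.6, before 2025.10.4, and before 2025.12.4 contain a code injection vulnerability, which arises because users with specific permissions can execute arbitrary code through a test endpoint.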

Description (English)

authentik is an open-source identity provider application. Versions before 2025.8.6, before 2025.10.4 and before 2025.12.4 contain a code injection vulnerability, which stems from the fact that users with specific permissions can execute arbitrary code through a test endpoint.

Vulnerability Type

Code injection

Affected Vendor

authentik

Published

2026-02-12

Last Modified

2026-02-24

References

  • https://github.com/goauthentik/authentik/commit/c691afaef164cf73c10a26a944ef2f11dbb1ac80
  • https://github.com/goauthentik/authentik/releases/tag/version%2F2025.10.4
  • https://github.com/goauthentik/authentik/releases/tag/version%2F2025.12.4
  • https://github.com/goauthentik/authentik/releases/tag/version%2F2025.8.6
  • https://github.com/goauthentik/authentik/security/advisories/GHSA-qvxx-mfm6-626f

Patch

https://github.com/goauthentik/authentik/releases
