In RustDesk Client versions up to, including 1.4.5 on Windows, MacOS, Linux, iOS, and Android a high severity vulnerability CVE-2026-30794 was detected. This vulnerability allows an attacker to perform Adversary in the Middle (AiTM) attacks and intercept sensitive communications. This occurs due to improper certificate validation in the HTTP API client; specifically, if an initial TLS handshake fails, the client attempts a retry using the danger_accept_invalid_certs(true) configuration in the TLS transport module, which silently accepts invalid TLS certificates. To address this issue, users should upgrade RustDesk Client to a patched version 1.4.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-30794.
In authentik versions prior to 2025.12.6, 2026.2.4, and 2026.5.1 a high severity vulnerability CVE-2026-49443 was detected. This vulnerability allows an attacker to log into any user’s account (Account Takeover). This occurs because an attacker who has the ability to change a source connection and possesses an account in one of the configured sources can exploit improper validation of the source connection to bypass authentication. To address this issue, users should upgrade authentik to versions 2025.12.6, 2026.2.4, or 2026.5.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-4944.
Read more Security
In authentik versions prior to 2025.12.5 and 2026.2.3 a medium severity vulnerability CVE-2026-41577 was detected. This vulnerability allows an attacker to replay expired SAML assertions or use assertions intended for other service providers, potentially leading to unauthorized access. This occurs because the SAML source response processor (ResponseProcessor.parse()) fails to validate the Conditions element on assertions, improperly ignoring the NotBefore, NotOnOrAfter, and AudienceRestriction restrictions. To address this issue, users should upgrade authentik to versions 2025.12.5 or 2026.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-41577.
Read more Security
In Wazuh authd versions prior to 4.14.4 a low severity vulnerability CVE-2026-32984 was detected. This vulnerability allows an attacker to cause a denial of service (DoS) condition. This occurs due to a heap buffer overflow when the authentication daemon processes specially crafted input, leading to memory corruption and malformed heap data. To address this issue, users should upgrade Wazuh to version 4.14.3 (or later). For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-32984.
Read more Security
In MinIO versions RELEASE.2022-07-24T01-54-52Z to before RELEASE.2026-04-14T21-32-45Z a medium severity vulnerability CVE-2026-42600 was detected. This vulnerability allows an attacker holding the cluster root JWT to read arbitrary files from outside the configured drive roots via a path traversal attack. This occurs because the ReadMultiple internode storage-REST endpoint improperly processes a msgpack-encoded POST request containing “../” sequences in the Bucket field, causing the server to open and return the contents of unintended files (bounded only by the MinIO process UID). To address this issue, users should upgrade MinIO to version RELEASE.2026-04-14T21-32-45Z. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-42600.
Read more Storage
In authentik versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2 a high severity vulnerability CVE-2026-40166 was detected. This vulnerability allows authenticated non-admin users to retrieve the confidential OAuth client_secret of providers they have previously authenticated against. This occurs because the GET /api/v3/oauth2/access_tokens/ endpoint improperly includes a nested provider object containing the client_id and client_secret in its response, exposing sensitive information to low-privilege users. To address this issue, users should upgrade authentik to versions 2025.12.5 or 2026.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40166.
Read more Security
In authentik versions 2025.12.4 and prior, and 2026.2.0-rc1 through 2026.2.2 a high severity vulnerability CVE-2026-40165 was detected. This vulnerability allows an attacker to bypass authentication and gain unauthorized access to other user accounts. This occurs because an attacker can inject an XML comment into the SAML NameID value, causing authentik to truncate the identifier to the portion before the comment. The issue can be exploited if the attacker has an account on a SAML Source with XML Signing enabled and the ability to modify their NameID value. To address this issue, users should upgrade authentik to versions 2025.12.5 or 2026.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40165.
Read more Security
In FreeIPA versions 3.0 before 3.1.2 a medium severity vulnerability CVE-2013-0199 was detected. This vulnerability allows remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors due to default LDAP ACIs failing to restrict access to the ipaNTTrustAuthIncoming and ipaNTTrustAuthOutgoing attributes. To address this issue, users should upgrade FreeIPA to version 3.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2013-0199.
Read more Security
In FreeIPA versions before 3.2.0 a medium severity vulnerability CVE-2013-0336 was detected. This vulnerability allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn to the 389 directory server. To address this issue, users should upgrade FreeIPA to version 3.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2013-0336.
Read more Security