Security

In authentik versions prior to 2025.12.6, 2026.2.4, and 2026.5.1 a high severity vulnerability CVE-2026-49443 was detected. This vulnerability allows an attacker to log into any user’s account (Account Takeover). This occurs because an attacker who has the ability to change a source connection and possesses an account in one of the configured sources can exploit improper validation of the source connection to bypass authentication. To address this issue, users should upgrade authentik to versions 2025.12.6, 2026.2.4, or 2026.5.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-4944.

In authentik versions prior to 2025.12.5 and 2026.2.3 a medium severity vulnerability CVE-2026-41577 was detected. This vulnerability allows an attacker to replay expired SAML assertions or use assertions intended for other service providers, potentially leading to unauthorized access. This occurs because the SAML source response processor (ResponseProcessor.parse()) fails to validate the Conditions element on assertions, improperly ignoring the NotBefore, NotOnOrAfter, and AudienceRestriction restrictions. To address this issue, users should upgrade authentik to versions 2025.12.5 or 2026.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-41577.

In Wazuh authd versions prior to 4.14.4 a low severity vulnerability CVE-2026-32984 was detected. This vulnerability allows an attacker to cause a denial of service (DoS) condition. This occurs due to a heap buffer overflow when the authentication daemon processes specially crafted input, leading to memory corruption and malformed heap data. To address this issue, users should upgrade Wazuh to version 4.14.3 (or later). For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-32984.

In authentik versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2 a high severity vulnerability CVE-2026-40166 was detected. This vulnerability allows authenticated non-admin users to retrieve the confidential OAuth client_secret of providers they have previously authenticated against. This occurs because the GET /api/v3/oauth2/access_tokens/ endpoint improperly includes a nested provider object containing the client_id and client_secret in its response, exposing sensitive information to low-privilege users. To address this issue, users should upgrade authentik to versions 2025.12.5 or 2026.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40166.

In authentik versions 2025.12.4 and prior, and 2026.2.0-rc1 through 2026.2.2 a high severity vulnerability CVE-2026-40165 was detected. This vulnerability allows an attacker to bypass authentication and gain unauthorized access to other user accounts. This occurs because an attacker can inject an XML comment into the SAML NameID value, causing authentik to truncate the identifier to the portion before the comment. The issue can be exploited if the attacker has an account on a SAML Source with XML Signing enabled and the ability to modify their NameID value. To address this issue, users should upgrade authentik to versions 2025.12.5 or 2026.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40165.

In FreeIPA versions 3.0 before 3.1.2 a medium severity vulnerability CVE-2013-0199 was detected. This vulnerability allows remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors due to default LDAP ACIs failing to restrict access to the ipaNTTrustAuthIncoming and ipaNTTrustAuthOutgoing attributes. To address this issue, users should upgrade FreeIPA to version 3.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2013-0199.

In FreeIPA versions before 3.2.0 a medium severity vulnerability CVE-2013-0336 was detected. This vulnerability allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn to the 389 directory server. To address this issue, users should upgrade FreeIPA to version 3.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2013-0336.

In FreeIPA versions 2.x and 3.x before 3.1.2 a high severity vulnerability CVE-2012-5484 was detected. This vulnerability allows attackers to perform man-in-the-middle (MITM) attacks and spoof a join procedure via a crafted certificate because the client does not properly obtain the Certification Authority (CA) certificate from the server. To address this issue, users should upgrade FreeIPA to version 3.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2012-5484.

In Wazuh versions 4.8.0 up to before 4.14.4 a medium severity vulnerability CVE-2026-28221 was detected. This vulnerability allows attackers to trigger a stack-based buffer overflow in the print_hex_string() function via specially crafted input sent over the network prior to authentication, potentially leading to memory corruption, denial of service, or further exploitation. To address this issue, users should upgrade Wazuh to version 4.14.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-28221.