In Traefik versions before 2.10.5 and 3.0.0-beta4 a high severity vulnerability CVE-2023-54365 was detected. This vulnerability allows a remote attacker to rapidly create and cancel HTTP/2 streams to exhaust server resources and cause service unavailability. To address this issue, users should upgrade Traefik to version 2.10.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-54365.
Read more SecurityIn Traefik versions 3.7.0-ea.1 to before 3.7.5 a medium severity vulnerability CVE-2026-54762 was detected. This vulnerability allows an unauthenticated attacker to access backend services that were intended to be protected, leading to an authentication bypass. This occurs in the Kubernetes Ingress NGINX provider due to a fail-open behavior. When an Ingress explicitly enables BasicAuth or DigestAuth through annotations, but the referenced auth-secret cannot be resolved or parsed (e.g., it is missing, malformed, or policy-denied), Traefik logs the error and skips installing the authentication middleware, while still routing traffic to the backend service. To address this issue, users should upgrade Traefik to version 3.7.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-54762.
In authentik versions prior to 2025.12.6, 2026.2.4, and 2026.5.1 a high severity vulnerability CVE-2026-49443 was detected. This vulnerability allows an attacker to log into any user’s account (Account Takeover). This occurs because an attacker who has the ability to change a source connection and possesses an account in one of the configured sources can exploit improper validation of the source connection to bypass authentication. To address this issue, users should upgrade authentik to versions 2025.12.6, 2026.2.4, or 2026.5.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-4944.
Read more SecurityIn authentik versions prior to 2025.12.5 and 2026.2.3 a medium severity vulnerability CVE-2026-41577 was detected. This vulnerability allows an attacker to replay expired SAML assertions or use assertions intended for other service providers, potentially leading to unauthorized access. This occurs because the SAML source response processor (ResponseProcessor.parse()) fails to validate the Conditions element on assertions, improperly ignoring the NotBefore, NotOnOrAfter, and AudienceRestriction restrictions. To address this issue, users should upgrade authentik to versions 2025.12.5 or 2026.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-41577.
Read more SecurityIn Wazuh authd versions prior to 4.14.4 a low severity vulnerability CVE-2026-32984 was detected. This vulnerability allows an attacker to cause a denial of service (DoS) condition. This occurs due to a heap buffer overflow when the authentication daemon processes specially crafted input, leading to memory corruption and malformed heap data. To address this issue, users should upgrade Wazuh to version 4.14.3 (or later). For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-32984.
Read more SecurityIn authentik versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2 a high severity vulnerability CVE-2026-40166 was detected. This vulnerability allows authenticated non-admin users to retrieve the confidential OAuth client_secret of providers they have previously authenticated against. This occurs because the GET /api/v3/oauth2/access_tokens/ endpoint improperly includes a nested provider object containing the client_id and client_secret in its response, exposing sensitive information to low-privilege users. To address this issue, users should upgrade authentik to versions 2025.12.5 or 2026.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40166.
Read more SecurityIn authentik versions 2025.12.4 and prior, and 2026.2.0-rc1 through 2026.2.2 a high severity vulnerability CVE-2026-40165 was detected. This vulnerability allows an attacker to bypass authentication and gain unauthorized access to other user accounts. This occurs because an attacker can inject an XML comment into the SAML NameID value, causing authentik to truncate the identifier to the portion before the comment. The issue can be exploited if the attacker has an account on a SAML Source with XML Signing enabled and the ability to modify their NameID value. To address this issue, users should upgrade authentik to versions 2025.12.5 or 2026.2.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-40165.
Read more SecurityIn FreeIPA versions 3.0 before 3.1.2 a medium severity vulnerability CVE-2013-0199 was detected. This vulnerability allows remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors due to default LDAP ACIs failing to restrict access to the ipaNTTrustAuthIncoming and ipaNTTrustAuthOutgoing attributes. To address this issue, users should upgrade FreeIPA to version 3.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2013-0199.
Read more SecurityIn FreeIPA versions before 3.2.0 a medium severity vulnerability CVE-2013-0336 was detected. This vulnerability allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn to the 389 directory server. To address this issue, users should upgrade FreeIPA to version 3.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2013-0336.
Read more Security