Security

In PostgreSQL versions prior to 18.2, 17.8, 16.12, 15.16 and 14.21 a medium severity vulnerability CVE-2026-2003 was detected. This vulnerability allows a database user to disclose portions of server memory due to improper validation of the “oidvector” type, which may expose sensitive information under certain conditions. To address this issue, users should upgrade to PostgreSQL versions 18.2, 17.8, 16.12, 15.16, 14.21 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-2003.

In Traefik versions prior to 3.6.8 a high severity vulnerability CVE-2026-25949 was detected. This vulnerability allows an unauthenticated attacker to bypass the entrypoint respondingTimeouts.readTimeout setting by sending the 8-byte Postgres SSLRequest (STARTTLS) prelude and stalling the connection, causing connections to remain open indefinitely and potentially leading to a denial-of-service condition. To address this issue, users should upgrade Traefik to version 3.6.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25949.

In Vaultwarden versions prior to 1.35.3 a medium severity vulnerability CVE-2026-26012 was detected. This vulnerability allows a regular organization member to retrieve all ciphers within an organization, regardless of collection permissions, via the /ciphers/organization-details endpoint due to missing collection-level access control enforcement. To address this issue, users should upgrade Vaultwarden to version 1.35.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-26012.

In authentik versions prior to 2025.8.6, 2025.10.4 and 2025.12.4 a high severity vulnerability CVE-2026-25922 was identified. This vulnerability allows an attacker to inject a malicious SAML assertion when using a SAML Source with the “Verify Assertion Signature” option enabled but “Verify Response Signature” disabled, or when the Encryption Certificate is not configured under Advanced Protocol settings. To address this issue, users should upgrade Authentik to versions 2025.8.6, 2025.10.4, 2025.12.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25922.

In authentik versions prior to 2025.10.4 and 2025.12.4 a high severity vulnerability CVE-2026-25748 was identified. This vulnerability allows an attacker to bypass authentication by using a malformed cookie when forward authentication is enabled in the authentik Proxy Provider, particularly when used with Traefik or Caddy as a reverse proxy. Exploiting this issue prevents the setting of authentik-specific X-Authentik-* headers, potentially granting unauthorized access. To address this issue, users should upgrade authentik to versions 2025.10.4, 2025.12.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25748.

In authentik versions from 2021.3.1 up to but not including 2025.8.6, 2025.10.4 and 2025.12.4 a critical severity vulnerability CVE-2026-25227 was identified. This vulnerability allows a user with delegated permissions—specifically “Can view * Property Mapping” or “Can view Expression Policy”—to execute arbitrary code within the authentik server container through the test endpoint, which is intended to preview property mappings or policies. To address this issue, users should upgrade authentik to versions 2025.8.6, 2025.10.4, 2025.12.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-25227.

In OpenVPN versions 2.7_alpha1 through 2.7_rc5 a low severity vulnerability CVE-2025-15497 was detected. This vulnerability allows remote authenticated users to trigger an assertion failure due to insufficient epoch key slot processing, resulting in a denial of service. To address this issue, users should upgrade OpenVPN to version 2.7_rc5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-15497.

In Traefik versions prior to 2.11.35 and 3.6.7 a medium severity vulnerability CVE-2026-22045 was detected. This vulnerability allows unauthenticated attackers to cause a denial of service by opening multiple ACME TLS-ALPN connections and stalling the handshake, indefinitely tying up goroutines and file descriptors when automatic certificate generation is enabled. To address this issue, users should upgrade Traefik to version 2.11.35 or 3.6.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-22045.

In OpenVPN versions 2.5.0 through 2.7_rc2 a low severity vulnerability CVE-2025-13751 was identified. This vulnerability allows a local authenticated user on Windows to connect to the Interactive Service Agent and trigger an error causing a local denial of service. To address this issue, users should upgrade OpenVPN to versions 2.6.17, 2.7_rc3, or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-13751.