CVSS score: 8.8

authentik SAML Identity Provider Allows Malicious Assertion Injection

Identifiers: CVE-2026-25922, BIT-authentik-2026-25922
Summary

Prior versions of authentik's SAML identity provider allowed an attacker to inject a forged assertion that was used in place of the genuinely signed one. This happened when a SAML Source verified only the assertion signature (not the response signature) or had no encryption certificate configured. Update to the latest version to fix this issue.

What to do
  • Update authentik to version 2025.12.4.
Affected software
Ecosystem   Vendor        Product     Affected versions
            goauthentik   authentik   < 2025.8.6
                                      >= 2025.10.0, < 2025.10.4
                                      >= 2025.12.0, < 2025.12.4
                                      CPE: cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*
Bitnami                   authentik   >= 2025.10.0, < 2025.12.4
Fix: upgrade to 2025.12.4
Original title
authentik has a Signature Verification Bypass via SAML Assertion Wrapping
Original description
authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does not have the Encryption Certificate setting under Advanced Protocol settings configured, it was possible for an attacker to inject a malicious assertion before the signed assertion that authentik would use instead. authentik 2025.8.6, 2025.10.4, and 2025.12.4 fix this issue.
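To make the assertion-wrapping failure mode concrete, the following is an added, constructed illustration (not authentik's code and not derived from its fix) of the consumer-side step the advisory concerns: which assertion a service provider acts on once it has established that a signature in the document verifies. Cryptographic verification of the XML signature itself is assumed to be performed beforehand by a real XML-DSig library; the two SAML responses, their IDs, subject names and the placeholder SignatureValue strings are all constructed for the example. The vulnerable pattern takes the first Assertion it finds; the hardened pattern binds the consumed assertion to the element the signature's Reference actually covers, can insist on a single assertion, and by default also requires a signature over the whole Response, which is the configuration the advisory describes as not affected.

```python
"""Assertion selection in a SAML service-provider consumer (constructed example)."""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed response: an unsigned assertion for a privileged subject is placed
# BEFORE the genuine signed assertion; the Response element itself is unsigned.
WRAPPED_RESPONSE = """<samlp:Response ID="_resp1"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion ID="_injected">
    <saml:Subject><saml:NameID>admin@example.test</saml:NameID></saml:Subject>
  </saml:Assertion>
  <saml:Assertion ID="_signed">
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#_signed"/></ds:SignedInfo>
      <ds:SignatureValue>constructed-placeholder</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed well-formed response: signed Response carrying one signed assertion.
CLEAN_RESPONSE = """<samlp:Response ID="_resp2"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature>
    <ds:SignedInfo><ds:Reference URI="#_resp2"/></ds:SignedInfo>
    <ds:SignatureValue>constructed-placeholder</ds:SignatureValue>
  </ds:Signature>
  <saml:Assertion ID="_a1">
    <ds:Signature>
      <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>constructed-placeholder</ds:SignatureValue>
    </ds:Signature>
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def signature_bound_to(element):
    """True if element carries an enveloped ds:Signature whose Reference URI names
    element's own ID, i.e. the (assumed already verified) signature covers this
    very element rather than some other part of the document."""
    sig = element.find("ds:Signature", NS)
    if sig is None:
        return False
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    return ref is not None and ref.get("URI") == "#" + element.get("ID", "")


def name_id_of(assertion):
    return assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)


def first_assertion_name_id(response_xml):
    """Vulnerable pattern: confirm that SOME assertion is signed, then act on the
    first Assertion in document order. With an unsigned assertion wrapped in
    front of the signed one, the consumer logs in the injected subject."""
    root = ET.fromstring(response_xml)
    assertions = root.findall("saml:Assertion", NS)
    if not any(signature_bound_to(a) for a in assertions):
        return None
    return name_id_of(assertions[0])  # consumes the unsigned assertion


def consume_response(response_xml, require_response_signature=True,
                     single_assertion=True):
    """Hardened pattern. Returns (accepted, detail); detail is the NameID on
    success or the rejection reason. The defaults model a deployment that
    requires the whole Response to be signed and tolerates one assertion."""
    root = ET.fromstring(response_xml)
    if require_response_signature and not signature_bound_to(root):
        return False, "Response element is not signed"
    assertions = root.findall("saml:Assertion", NS)
    if single_assertion and len(assertions) != 1:
        return False, f"expected one Assertion, found {len(assertions)}"
    bound = [a for a in assertions if signature_bound_to(a)]
    if len(bound) != 1:
        return False, f"expected one signed Assertion, found {len(bound)}"
    # Only the assertion the signature actually covers is consumed.
    return True, name_id_of(bound[0])


if __name__ == "__main__":
    print("vulnerable consumer ->", first_assertion_name_id(WRAPPED_RESPONSE))
    print("hardened, lenient   ->", consume_response(WRAPPED_RESPONSE, False, False))
    print("hardened, strict    ->", consume_response(WRAPPED_RESPONSE))
    print("hardened, clean     ->", consume_response(CLEAN_RESPONSE))
```

Running the script shows the vulnerable consumer returning the injected subject for the wrapped response, while the hardened consumer either rejects it outright (response signature or single-assertion rule) or, when deliberately run leniently, still returns only the subject of the assertion the signature is bound to. The check is a complement to, not a substitute for, proper XML-DSig verification; the takeaway for operators matches the advisory: require the Response signature (or encrypt assertions) rather than relying on assertion signatures alone.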
NVD CVSS 3.1 score: 8.8
Vulnerability type
CWE-287 Improper Authentication
CWE-347 Improper Verification of Cryptographic Signature
Published: 16 Apr 2026 · Updated: 17 Apr 2026 · First seen: 6 Mar 2026