CVE-2026-25922 · HIGH 8.8 · EPSS percentile 6.1%


Description

authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when a SAML Source had the option Verify Assertion Signature (under Verification Certificate) enabled but not Verify Response Signature, or had no Encryption Certificate configured under Advanced Protocol settings, an attacker could inject a malicious assertion ahead of the signed assertion, and authentik would use the injected assertion instead of the signed one. authentik 2025.8.6, 2025.10.4, and 2025.12.4 fix this issue.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.17% probability of exploitation · percentile 6.1% · 2026-06-19T12:03:05Z
Published: 2026-02-12
Last modified: 2026-02-18

Underlying weaknesses (2)

CWE-287, CWE-347

References

  1. https://github.com/goauthentik/authentik/releases/tag/version%2F2025.10.4
  2. https://github.com/goauthentik/authentik/releases/tag/version%2F2025.12.4
  3. https://github.com/goauthentik/authentik/releases/tag/version%2F2025.8.6
  4. https://github.com/goauthentik/authentik/security/advisories/GHSA-jh35-c4cc-wjm4


Type      Target                                                      Confidence  Tier
Weakness  Improper Authentication (cwe-287)                           0%          live
Weakness  Improper Verification of Cryptographic Signature (cwe-347)  0%          live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-47201
CVE: CVE-2026-41577
CVE: CVE-2026-40165
CVE: CVE-2026-49443
CVE: CVE-2026-49448
CVE: CVE-2026-41569
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.