CVE-2026-47201

EUVD-2026-34027
authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed assertion to authenticate as another federated user. This issue has been patched in versions 2025.12.5, 2026.2.3, and 2026.5.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
GitHub_MCNA
8.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
goauthentikauthentik
𝑥
< 2025.12.5
CNA
goauthentikauthentik
𝑥
< 2026.2.3
CNA
goauthentikauthentik
𝑥
< 2026.5.1
CNA
Common Weakness Enumeration
References
https://github.com/goauthentik/authentik/security/advisories/GHSA-c3m2-jqmq-pvp3