LeakyCreds

CVE-2026-25227 - Vulnerability Analysis

Severity: Critical | CVSS: 9.1

Last Updated: February 13, 2026

authentik - Remote Code Execution

Published: February 12, 2026
Updated: February 13, 2026
Remote Exploitable

Overview

authentik versions from 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4 contain a remote code execution vulnerability caused by improper permission checks in the test endpoint for delegated permissions. A user holding specific view permissions can execute arbitrary code within the server container; exploitation requires the user to have the Can view * Property Mapping or Can view Expression Policy permission.

Severity & Score

Severity: Critical
CVSS Score: 9.1
EPSS Score: 3.3% (probability of exploitation in the next 30 days)

Impact

Users with specific view permissions can execute arbitrary code within the server container, potentially leading to full server compromise.

Mitigation

Update to versions 2025.8.6, 2025.10.4, or 2025.12.4 or later.
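As an added example (not code from this page or from the authentik project), a small Python check that maps a deployed authentik version onto the affected ranges stated in the Overview and picks the matching fixed release. It assumes each fixed release closes only its own release series, which is how a three-branch range list like this one is normally read.

```python
"""Check an authentik version string against the ranges this advisory lists."""
import re

# Affected ranges taken from the Overview: [2021.3.1, 2025.8.6),
# [2025.10.0, 2025.10.4) and [2025.12.0, 2025.12.4). Assumption: each fixed
# release only closes its own series, so e.g. 2025.10.x below .4 is still open.
AFFECTED_RANGES = (
    ((2021, 3, 1), (2025, 8, 6)),
    ((2025, 10, 0), (2025, 10, 4)),
    ((2025, 12, 0), (2025, 12, 4)),
)
FIXED_VERSIONS = ("2025.8.6", "2025.10.4", "2025.12.4")

# authentik uses a YYYY.M.patch scheme; pre-release suffixes are rejected
# rather than guessed at, so a human decides what an '-rc1' build means.
_VERSION_RE = re.compile(r"^(\d{4})\.(\d{1,2})\.(\d+)$")


def parse_version(text: str) -> tuple:
    """Turn '2025.8.5' into (2025, 8, 5) so ranges compare as tuples."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised authentik version: {text!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(version: str) -> bool:
    """True when the version falls inside any of the advisory's ranges."""
    v = parse_version(version)
    return any(low <= v < high for low, high in AFFECTED_RANGES)


def recommended_upgrade(version: str):
    """Smallest fixed release above the given version, or None if not affected."""
    if not is_affected(version):
        return None
    v = parse_version(version)
    for fixed in FIXED_VERSIONS:
        if parse_version(fixed) > v:
            return fixed
    return None


if __name__ == "__main__":
    # Constructed sample inventory of deployed versions, not real hosts.
    for inst in ("2024.12.3", "2025.8.5", "2025.8.6", "2025.10.2", "2025.12.3"):
        print(f"{inst}: affected={is_affected(inst)} "
              f"upgrade_to={recommended_upgrade(inst)}")
```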

Social Media Activity (3 posts)

Raphael (@0x3e4), Feb 13, 2026

CVE-2026-25227 | CVSS Score: 9.1 | Severity: Critical | Published: 02/12/2026, 08:16 PM | Aliases: CVE-2026-25227 | CWE: CWE-94 | CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H ([email protected]) | References: https://github.com/goauthentik/authentik/commit/c691afaef164cf73c10a26a944ef2f11dbb1ac80 https://github.com/goauthentik/authentik/releases/tag/version/2025.10.4 | https://hecate.pw/vulnerability/CVE-2026-25227 #cve #vulnerability #hecate

Offensive Sequence (@offseq), Feb 13, 2026

CVE-2026-25227 (CRITICAL, CVSS 9.1): Code injection in goauthentik authentik via delegated permissions. Patch to 2025.8.6, 2025.10.4, or 2025.12.4 urgently. Audit permissions & monitor test endpoint usage. https://radar.offseq.com/threat/cve-2026-25227-cwe-94-improper-control-of-generati-cc39f642 #OffSeq #authentik #infosec #CVE

TheHackerWire (@thehackerwire), Feb 12, 2026

CVE-2026-25227 - Critical (9.1) authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view * Property Mapping or Can view Expression Policy is able to execut... https://www.thehackerwire.com/vulnerability/CVE-2026-25227/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-25227
Severity: Critical
CVSS Score: 9.1
Status: unconfirmed
EPSS: 3.3%
Social Posts: 3

CWE

  • CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score

3.3% (probability of exploitation in the next 30 days)