CVE-2026-25922 - Vulnerability Analysis
Severity: High | CVSS: 8.8 | Last Updated: February 13, 2026
authentik - Authentication Bypass
Overview
authentik prior to 2025.8.6, 2025.10.4, and 2025.12.4 contains an authentication bypass caused by improper verification of SAML assertion signatures, which lets attackers inject malicious assertions to bypass authentication. Exploitation requires a specific SAML source configuration.
Severity & Score
Impact
Attackers can bypass authentication by injecting malicious SAML assertions, potentially gaining unauthorized access.
Mitigation
Update to versions 2025.8.6, 2025.10.4, or 2025.12.4 or later.
References
Social Media Activity(2 posts)
CVE-2026-25922
CVSS Score: 8.8
Severity: High
Published: 02/12/2026, 08:16 PM
Aliases: CVE-2026-25922
CWE: CWE-287, CWE-347
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H ([email protected])
References: https://github.com/goauthentik/authentik/releases/tag/version/2025.10.4 https://github.com/goauthentik/authentik/releases/tag/version/2025.12.4
https://hecate.pw/vulnerability/CVE-2026-25922 #cve #vulnerability #hecate
CVE-2026-25922 - High (8.8) authentik is an open-source identity provider. Prior to 2025.8.6, 2025.10.4, and 2025.12.4, when using a SAML Source that has the option Verify Assertion Signature under Verification Certificate enabled and not Verify Response Signature, or does n... https://www.thehackerwire.com/vulnerability/CVE-2026-25922/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Related Resources
Details
- CVE ID: CVE-2026-25922
- Severity: High
- CVSS Score: 8.8
- Type: broken_authentication
- Status: unconfirmed
- EPSS: 0.9%
- Social Posts: 2
CWE
- CWE-287
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H