authentik · CVE-2026-42849
**Name of the Vulnerable Software and Affected Versions**
authentik 2025.12.x prior to 2025.12.5
authentik 2026.2.x prior to 2026.2.3
Releases on older branches (before 2025.12) are also prior to 2025.12.5 and have no fixed release of their own, so they fall inside the affected range.
**Description**
The Simple Flow Executor (SFE) is the lightweight flow executor that authentik serves to legacy browsers which cannot run the main flow executor; it re-implements a subset of the flow stages in plain JavaScript and drives the user through the sequence of steps in an authentication flow. One of those stages, `AutosubmitStage`, renders a form from the values carried in the flow challenge and submits it without user interaction. Values that this stage renders into the page are not adequately neutralised, so a cross-site scripting (XSS) flaw is present: injected markup is interpreted by the browser and attacker-supplied script executes in the context of the user who is going through the flow, with access to that page's origin.
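As an added illustration (not authentik's code and not the vulnerable SFE source), the following JavaScript contrasts the rendering pattern that produces this class of XSS in an autosubmit stage with a hardened rendering of the same challenge. Every name in it (`escapeHtml`, `assertHttpUrl`, `renderUnsafe`, `renderSafe`, `containsScriptTag`, `sampleChallenge`) and the sample challenge itself are assumptions constructed for the example; the `RelayState` payload models what an attribute break-out looks like, not a known exploit string for this CVE.

```javascript
// Added example, not authentik code. Shows why an autosubmit-style stage that builds its
// form from challenge values by string interpolation is XSS-prone, and one hardened form.

// Escape the five characters that matter in HTML text and double-quoted attribute contexts.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Only accept http(s) targets for the form action: a `javascript:` URL in `action`
// would execute on submit even if every field value were escaped.
function assertHttpUrl(url) {
  const parsed = new URL(url); // throws on malformed input
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
    throw new Error(`refusing non-http(s) form action: ${parsed.protocol}`);
  }
  return parsed.href;
}

// Vulnerable pattern: server-supplied values are interpolated straight into markup that
// is later assigned to innerHTML. A value containing `"><script>` closes the attribute
// and the tag and injects a script element.
function renderUnsafe(challenge) {
  let html = `<form method="POST" action="${challenge.url}">`;
  for (const [name, value] of Object.entries(challenge.attrs)) {
    html += `<input type="hidden" name="${name}" value="${value}">`;
  }
  return html + "</form>";
}

// Hardened pattern: the action URL is validated and every untrusted value is escaped for
// the attribute context it lands in. (In a real browser, building the form with
// document.createElement / setAttribute avoids the HTML-string round trip entirely.)
function renderSafe(challenge) {
  let html = `<form method="POST" action="${escapeHtml(assertHttpUrl(challenge.url))}">`;
  for (const [name, value] of Object.entries(challenge.attrs)) {
    html += `<input type="hidden" name="${escapeHtml(name)}" value="${escapeHtml(value)}">`;
  }
  return html + "</form>";
}

// Check a tester can run over rendered markup: did a raw <script> tag survive rendering?
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Constructed sample challenge (hypothetical shape): a POST target plus hidden fields,
// where RelayState carries an attribute break-out payload.
const sampleChallenge = {
  url: "https://sp.example.com/saml/acs",
  attrs: {
    SAMLResponse: "PHNhbWxwOlJlc3BvbnNlLz4=",
    RelayState: '"><script>alert(document.domain)</script>',
  },
};

console.log("unsafe render contains <script>:", containsScriptTag(renderUnsafe(sampleChallenge)));
console.log("safe render contains <script>:  ", containsScriptTag(renderSafe(sampleChallenge)));
```

The detector is deliberately crude (a regex over the output) but is enough to show the difference between the two renderers on the same input; a real test of the executor would assert on the resulting DOM instead of on a string.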
**Recommendations**
Update to 2025.12.5 or later if you run the 2025.12 branch.
Update to 2026.2.3 or later if you run the 2026.2 branch.
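To decide whether a running instance falls inside the affected ranges above, the following added JavaScript (not authentik tooling) classifies a version string against the fixed releases named in this advisory. The `FIRST_FIXED` table and all function names are this example's own; the version string would be read from the instance, for example from the `version_current` field returned by the admin API's `/api/v3/admin/version/` endpoint (an assumption about the API, to be checked against your instance's schema). Pre-release builds of a fixed patch level are treated as affected, which is a conservative choice made here rather than something the advisory states.

```javascript
// Added example, not authentik tooling. Decides whether an authentik version string is
// inside this advisory's affected range.

// Release branch -> first patch release on that branch that contains the fix (from the advisory).
const FIRST_FIXED = { "2025.12": 5, "2026.2": 3 };

// authentik versions look like YYYY.M.patch, optionally followed by a suffix such as "-rc1".
function parseVersion(text) {
  const m = /^(\d{4})\.(\d{1,2})\.(\d+)(-\S+)?$/.exec(String(text).trim());
  if (!m) throw new Error(`unrecognised authentik version: ${text}`);
  return {
    year: Number(m[1]),
    minor: Number(m[2]),
    patch: Number(m[3]),
    prerelease: m[4] !== undefined,
  };
}

// Returns true when the version is within the affected range.
function isAffected(text) {
  const v = parseVersion(text);
  const branch = `${v.year}.${v.minor}`;
  if (branch in FIRST_FIXED) {
    // On a branch with a fix: affected below the fixed patch, and (conservatively, this
    // example's choice) for pre-release builds of the fixed patch itself.
    return v.patch < FIRST_FIXED[branch] || (v.patch === FIRST_FIXED[branch] && v.prerelease);
  }
  // Any other branch older than 2026.2 has no fixed release and is "prior to 2025.12.5";
  // branches newer than 2026.2 ship with the fix.
  return v.year < 2026 || (v.year === 2026 && v.minor < 2);
}

// Constructed sample inputs, as they might be read from several instances.
const sampleVersions = ["2025.10.3", "2025.12.4", "2025.12.5", "2026.2.2", "2026.2.3-rc1", "2026.2.3", "2026.4.0"];
for (const v of sampleVersions) {
  console.log(`${v}: ${isAffected(v) ? "AFFECTED, upgrade" : "not affected"}`);
}
```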