PT-2026-42273 · Authentik · Authentik

Bugbunny-Research · Published 2026-05-20 · Updated 2026-05-25 · CVE-2026-40165

CVSS v3.1: 8.7 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: authentik versions prior to 2025.12.5; authentik versions 2026.2.0-rc1 through 2026.2.2

Description: An authentication bypass exists due to SAML NameID XML Comment Injection. The software incorrectly extracts the NameID value from a SAML assertion, allowing an attacker to inject an XML comment that truncates the value. This enables an attacker with an account on a SAML Source and the ability to modify their NameID (such as a username or email) to gain access to other user accounts, provided that XML Signing is enabled.

Recommendations: Update versions prior to 2025.12.5 to 2025.12.5. Update versions 2026.2.0-rc1 through 2026.2.2 to 2026.2.3.
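As an added illustration (not authentik's code and not part of the advisory), the following Python uses only the standard library's xml.dom.minidom to show why the extraction step matters: a constructed assertion whose NameID text is split by an XML comment, the vulnerable pattern that reads only the first text node, and two defender-side alternatives, either joining every text child or rejecting any NameID that is not a single text node. The sample assertion, the helper names and the choice of minidom are assumptions made for this example.

```python
"""Added example (not authentik's code): how an XML comment inside a SAML
NameID truncates a naively extracted value, and two defender-side fixes."""
from xml.dom import minidom

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"


def build_assertion(name_id_markup):
    """Wrap NameID markup in a minimal, constructed SAML assertion (no real IdP)."""
    return (
        '<saml:Assertion xmlns:saml="%s">'
        "<saml:Subject>"
        '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">'
        "%s</saml:NameID></saml:Subject></saml:Assertion>" % (SAML_NS, name_id_markup)
    )


# Constructed samples: one clean NameID and one whose text is split by a comment.
SAMPLE_CLEAN = build_assertion("bob@example.test")
SAMPLE_INJECTED = build_assertion("alice.contractor<!-- comment -->@example.test")


def _name_id_element(xml_text):
    """Parse and return the single NameID element (minidom keeps comment nodes)."""
    doc = minidom.parseString(xml_text)
    nodes = doc.getElementsByTagNameNS(SAML_NS, "NameID")
    if len(nodes) != 1:
        raise ValueError("expected exactly one NameID element")
    return nodes[0]


def extract_name_id_naive(xml_text):
    """Vulnerable pattern: read only the first text node, so everything after an
    embedded comment is silently dropped and the identity is truncated."""
    elem = _name_id_element(xml_text)
    first = elem.firstChild
    if first is None or first.nodeType != first.TEXT_NODE:
        return ""
    return first.data


def extract_name_id_full_text(xml_text):
    """Fix 1: concatenate every text/CDATA child, so a comment cannot shorten
    the value (the comment itself contributes nothing)."""
    elem = _name_id_element(xml_text)
    return "".join(
        child.data
        for child in elem.childNodes
        if child.nodeType in (child.TEXT_NODE, child.CDATA_SECTION_NODE)
    )


def extract_name_id_strict(xml_text):
    """Fix 2 (stricter): a NameID must be exactly one text node; reject any
    assertion whose NameID carries comments, elements or other markup."""
    elem = _name_id_element(xml_text)
    children = list(elem.childNodes)
    if len(children) != 1 or children[0].nodeType != children[0].TEXT_NODE:
        raise ValueError("NameID contains non-text nodes; rejecting assertion")
    return children[0].data


if __name__ == "__main__":
    print("naive   :", extract_name_id_naive(SAMPLE_INJECTED))
    print("full    :", extract_name_id_full_text(SAMPLE_INJECTED))
    try:
        extract_name_id_strict(SAMPLE_INJECTED)
    except ValueError as exc:
        print("strict  :", exc)
```

The strict variant is the safer default for a SAML Source: a legitimate IdP never emits comments inside NameID, so rejecting them costs nothing and makes an attempt visible in the log of rejected assertions. A valid XML signature does not catch this on its own, because the canonicalization commonly used with XML-DSig (exclusive C14N without comments) drops comments before the digest is computed, so the signed digest is identical with or without the injected comment; the check has to happen at extraction time.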

Fix

Weakness Enumeration: Improper Authentication

Related Identifiers: BIT-AUTHENTIK-2026-40165, CVE-2026-40165

Affected Products: Authentik