PT-2026-45029 · Authentik · Authentik
Published
2026-05-29
·
Updated
2026-06-05
·
CVE-2026-47201
CVSS v3.1
8.5
High
| Vector | AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
authentik versions prior to 2025.12.5
authentik versions prior to 2026.2.3
authentik versions prior to 2026.5.1
Description
The SAML Source ACS endpoint is susceptible to XML Signature Wrapping, a technique where a valid signature is used to mask forged content within an XML document. This occurs when validating upstream SAML responses, as the system may verify a signature against a legitimate assertion while processing identity data from a different, forged assertion. An attacker with a valid account at the upstream Identity Provider (IdP) can capture a legitimate signed SAML response and modify it to include a victim's identifier or chosen attributes. This allows the attacker to authenticate as a federated user who has previously used the SAML Source or as a local user matched by forged email or username.
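The defensive check that closes the gap described above, as an added example that is not authentik's own code: after the signature has been cryptographically verified (left to an XML-DSig library here), identity data is accepted only from the single Assertion that the Signature's Reference actually covers, and never from any other Assertion in the document. Element names follow the SAML 2.0 and XML-DSig namespaces; the sample responses, IDs and signature value are constructed placeholders.

```python
import xml.etree.ElementTree as ET
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ASSERTION, SIGNATURE = "{%s}Assertion" % NS["saml"], "{%s}Signature" % NS["ds"]

def select_signed_assertion(xml_text):
    """Return the NameID of the one Assertion the Signature covers, else raise ValueError.
    Runs after cryptographic verification (out of scope here) and binds the verified
    Reference to the element whose identity data the service actually consumes."""
    root = ET.fromstring(xml_text)
    assertions = list(root.iter(ASSERTION))
    if len(assertions) != 1:            # a wrapped response carries an extra Assertion
        raise ValueError("expected exactly one Assertion, found %d" % len(assertions))
    assertion = assertions[0]
    signature, signed = assertion.find(SIGNATURE), assertion   # enveloped in Assertion
    if signature is None:                                       # or enveloped in Response
        signature, signed = root.find(SIGNATURE), root
        if assertion not in list(root):
            raise ValueError("Assertion is not a direct child of the signed Response")
    if signature is None:
        raise ValueError("no Signature present")
    refs = signature.findall("ds:SignedInfo/ds:Reference", NS)
    signed_id = signed.get("ID")
    if len(refs) != 1 or not signed_id or refs[0].get("URI") != "#" + signed_id:
        raise ValueError("Signature Reference does not cover the element being consumed")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not name_id.text:
        raise ValueError("signed Assertion carries no NameID")
    return name_id.text

# Constructed samples; SignatureValue is a placeholder, not a real signature.
_TEMPLATE = """<samlp:Response xmlns:samlp="{samlp}" xmlns:saml="{saml}" xmlns:ds="{ds}" ID="_r1">
  {extra}<saml:Assertion ID="_a1">
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
    <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""
GOOD = _TEMPLATE.format(extra="", **NS)
# The same signed Assertion plus a second, unsigned one elsewhere in the document.
WRAPPED = _TEMPLATE.format(extra='<samlp:Extensions><saml:Assertion ID="_a2"><saml:Subject>'
                           '<saml:NameID>victim@example.test</saml:NameID></saml:Subject>'
                           '</saml:Assertion></samlp:Extensions>\n  ', **NS)

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("wrapped", WRAPPED)):
        try:
            print(label, "accept", select_signed_assertion(doc))   # good accept alice@example.test
        except ValueError as exc:
            print(label, "reject", exc)   # wrapped reject expected exactly one Assertion, found 2
```

The "exactly one Assertion" rule is deliberately stricter than the SAML schema; a relying party that must accept multi-assertion responses should instead walk from the verified Reference to its target element and consume only that one.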
Recommendations
Update to version 2025.12.5 or newer.
Update to version 2026.2.3 or newer.
Update to version 2026.5.1 or newer.
As a temporary workaround, disable affected SAML Sources or block access to their ACS endpoints.
Fix
Improper Authentication
RCE
Improper Verification of Cryptographic Signature
Related Identifiers
Affected Products
Authentik