PT-2026-45833 · Authentik · Authentik

Android-Login-Analysis

Published 2026-06-02 · Updated 2026-06-05

CVE-2026-41577

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
authentik versions prior to 2025.12.5
authentik versions prior to 2026.2.3

Description
The SAML source response processor ResponseProcessor.parse() does not validate the Conditions element of incoming assertions. Specifically, NotBefore, NotOnOrAfter, and AudienceRestriction are ignored, so an expired assertion can be replayed and an assertion issued for a different service provider is accepted.

Recommendations
Update to version 2025.12.5.
Update to version 2026.2.3.
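As an added illustration of the missing check (example code written for this advisory, not authentik's own ResponseProcessor), the function below enforces the three Conditions the description names: NotBefore, NotOnOrAfter and AudienceRestriction. It assumes a constructed sample assertion, a hypothetical SP entity ID, a 60-second clock-skew allowance, a policy that requires AudienceRestriction to be present, and that XML signature verification has already been done on the response before this check runs.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def parse_ts(value: str) -> datetime:
    # SAML timestamps are UTC ISO 8601; normalise a trailing "Z" for fromisoformat().
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)

def check_conditions(assertion_xml: str, expected_audience: str, now: datetime,
                     skew: timedelta = timedelta(seconds=60)) -> tuple[bool, str]:
    """Enforce saml:Conditions; returns (accepted, reason). Assumed policy: AudienceRestriction required."""
    root = ET.fromstring(assertion_xml)
    tag = "{%s}Assertion" % NS["saml"]
    assertion = root if root.tag == tag else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return False, "no Assertion element"
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        return False, "Conditions element missing"
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb is not None and now + skew < parse_ts(nb):
        return False, "assertion not yet valid (NotBefore)"
    if noa is not None and now - skew >= parse_ts(noa):
        return False, "assertion expired (NotOnOrAfter)"
    # SAML 2.0: every AudienceRestriction must match (AND); within one, any Audience (OR).
    restrictions = cond.findall("saml:AudienceRestriction", NS)
    if not restrictions:
        return False, "AudienceRestriction missing"
    for r in restrictions:
        audiences = {a.text.strip() for a in r.findall("saml:Audience", NS) if a.text}
        if expected_audience not in audiences:
            return False, "audience mismatch: %s" % sorted(audiences)
    return True, "ok"

# Constructed sample assertion (not a real authentik message), valid for five minutes.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_c1" Version="2.0" IssueInstant="2026-06-01T10:00:00Z">
  <saml:Issuer>https://idp.example.org/metadata</saml:Issuer>
  <saml:Conditions NotBefore="2026-06-01T10:00:00Z" NotOnOrAfter="2026-06-01T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/saml/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""
SP_ENTITY_ID = "https://sp.example.com/saml/metadata"  # hypothetical SP entity ID

if __name__ == "__main__":
    for when in ("2026-06-01T10:02:00Z", "2026-06-01T11:00:00Z"):
        print(when, check_conditions(SAMPLE, SP_ENTITY_ID, parse_ts(when)))
```

The second run in the usage loop is the replay case the description mentions: the same assertion presented an hour later is rejected as expired instead of accepted.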

Fix

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

BIT-AUTHENTIK-2026-41577
CVE-2026-41577

Affected Products

Authentik