goauthentik.io (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package goauthentik.io, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2026-47201 — CVSS 8.5 (high): authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is…
CVE-2024-42490 — CVSS 7.5 (high): authentik is an open-source Identity Provider. Several API endpoints can be accessed by users without correct authentication/authorization…
CVE-2025-53942 — CVSS 7.4 (high): authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support for a wide set of protocols. In…
CVE-2024-23647 — CVSS 6.5 (medium): Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the…
CVE-2025-64708 — CVSS 5.8 (medium): authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, in previous authentik versions, invitations were…
CVE-2025-64521 — CVSS 4.8 (medium): authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, when authenticating with client_id and…