CVE-2026-47201
Severity: HIGH
authentik: XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user
Title source: cnaDescription
authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed assertion to authenticate as another federated user. This issue has been patched in versions 2025.12.5, 2026.2.3, and 2026.5.1.
References (1)
https://github.com/goauthentik/authentik/security/advisories/GHSA-c3m2-jqmq-pvp3
Scores
CVSS v3
8.5
EPSS
0.0025
EPSS Percentile
16.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
CWE-347
Status
published
Products (5)
Go/goauthentik.io
0 - 0.0.0-20260528144335-a370d76d23c7 (Go)
goauthentik/authentik
< 2025.12.6
goauthentik/authentik
< 2025.12.5
goauthentik/authentik
< 2026.2.3
goauthentik/authentik
< 2026.5.1
Published
Jun 02, 2026
Tracked Since
Jun 03, 2026