CVE-2026-47201
authentik · authentik
A SAML XML Signature Wrapping (XSW) vulnerability in authentik allows attackers to bypass authentication and impersonate users.
Executive summary
A critical authentication bypass flaw in authentik's SAML processing allows attackers to forge identities, requiring an immediate security update.
Vulnerability
The SAML Source ACS endpoint is susceptible to XML Signature Wrapping (XSW) attacks. An unauthenticated attacker can reuse a valid signed assertion to successfully authenticate as another federated user, effectively bypassing the identity provider's security controls.
Business impact
With a CVSS score of 8.5, this vulnerability carries a high risk of total account takeover within federated environments. Unauthorized access to identity management systems can lead to widespread data breaches, unauthorized access to downstream applications, and a complete compromise of the organization's single sign-on (SSO) infrastructure.
Remediation
Immediate Action: Upgrade authentik to version 2025.12.5, 2026.2.3, 2026.2.4, or 2026.5.1 or later.
Proactive Monitoring: Review authentication logs for suspicious SAML assertion patterns, particularly those involving unexpected users or mismatched assertion/response signatures.
Compensating Controls: If patching is delayed, consider disabling upstream SAML federation or implementing additional multi-factor authentication (MFA) requirements that operate independently of the SAML assertion.
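The vulnerability and monitoring sections above both turn on the same defect class: a SAML consumer that verifies a signature over one element but then reads the Subject from a different, unsigned Assertion that an attacker has wrapped into the same document. The following is an added example, not authentik's code, of the structural check a service provider should run before trusting an assertion: walk the whole document, require exactly one Assertion, require its ID to be unique and to be the target of a Signature Reference, and only then read the NameID. The SAML and XML-DSig namespaces are the real ones; the two embedded responses are constructed test fixtures with a placeholder SignatureValue, and cryptographic verification of the signature is assumed to be performed separately by an XML-DSig library.

```python
"""Structural anti-XSW check for a SAML Response (added example, stdlib only).

Assumption: cryptographic signature verification (digest and SignatureValue)
is done by a proper XML-DSig library before or after this check; this code
only guards against the wrapping pattern where the verified element and the
consumed element differ.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


class SamlValidationError(Exception):
    """Raised when the response must be rejected before identity is trusted."""


def signed_element_ids(root):
    """Collect the element IDs named by ds:Reference URIs of the form '#id'."""
    ids = set()
    for ref in root.iter("{%s}Reference" % NS["ds"]):
        uri = ref.get("URI", "")
        if not uri.startswith("#"):
            raise SamlValidationError("unsupported Reference URI: %r" % uri)
        ids.add(uri[1:])
    return ids


def select_assertion(xml_text):
    """Return (assertion_element, name_id) for the single, signed assertion.

    Raises SamlValidationError on any of the XSW tell-tales: more than one
    Assertion anywhere in the document, a non-unique Assertion ID, or an
    Assertion that no Signature Reference covers (directly or via a
    Response-level signature).
    """
    root = ET.fromstring(xml_text)
    # Iterate the whole tree, not just the expected path: wrapped copies are
    # typically hidden inside ds:Object, Extensions or other unexpected parents.
    assertions = list(root.iter("{%s}Assertion" % NS["saml"]))
    if len(assertions) != 1:
        raise SamlValidationError(
            "expected exactly one Assertion, found %d" % len(assertions))
    assertion = assertions[0]
    assertion_id = assertion.get("ID")
    if not assertion_id:
        raise SamlValidationError("Assertion has no ID")
    # Duplicate IDs let an unsigned element shadow the signed one on lookup.
    if sum(1 for e in root.iter() if e.get("ID") == assertion_id) != 1:
        raise SamlValidationError("Assertion ID %s is not unique" % assertion_id)
    refs = signed_element_ids(root)
    if assertion_id not in refs and root.get("ID") not in refs:
        raise SamlValidationError(
            "Assertion %s is not covered by any Signature Reference" % assertion_id)
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise SamlValidationError("Assertion has no Subject NameID")
    return assertion, name_id.text.strip()


def is_acceptable(xml_text):
    """Boolean wrapper for log pipelines or tests."""
    try:
        select_assertion(xml_text)
        return True
    except (SamlValidationError, ET.ParseError):
        return False


_HEAD = ('<samlp:Response xmlns:samlp="%(samlp)s" xmlns:saml="%(saml)s" '
         'xmlns:ds="%(ds)s" ID="_r1">' % NS)

# Constructed fixture: one assertion, referenced by the signature.
CLEAN_RESPONSE = _HEAD + """
  <ds:Signature>
    <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
  <saml:Assertion ID="_a1">
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed fixture: the signed assertion is moved under ds:Object and an
# unsigned assertion with a different Subject is placed where a naive consumer
# looks first. The Reference still points at _a1, so the digest would verify.
WRAPPED_RESPONSE = _HEAD + """
  <ds:Signature>
    <ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
    <ds:Object>
      <saml:Assertion ID="_a1">
        <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
      </saml:Assertion>
    </ds:Object>
  </ds:Signature>
  <saml:Assertion ID="_a2">
    <saml:Subject><saml:NameID>admin@example.com</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


if __name__ == "__main__":
    print("clean:", select_assertion(CLEAN_RESPONSE)[1])    # alice@example.com
    print("wrapped accepted:", is_acceptable(WRAPPED_RESPONSE))  # False
```

The design point is that the element returned by `select_assertion` is the one whose ID the signature covers, and the caller must read the Subject from that returned object rather than re-querying the document by XPath or ID afterwards; re-querying is exactly where wrapping attacks slip through. The same structural result (count of Assertion elements, set of referenced IDs, consumed ID) is also what to log, since a mismatch between the referenced ID and the consumed ID is the concrete "mismatched assertion/response signature" pattern the monitoring guidance above asks you to look for.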
Exploitation status
Public Exploit Available: True
Analyst recommendation
Given the central role of authentik in identity management, this vulnerability is critical. Administrators must apply the provided updates immediately to prevent potential identity impersonation and unauthorized access across the enterprise ecosystem.