authentik has a forward authentication bypass with broken cookie

8.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Description

authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traefik or Caddy as reverse proxy. When a malicious cookie was used, none of the authentik-specific X-Authentik-* headers were set which depending on application can grant access to an attacker. authentik 2025.10.4 and 2025.12.4 fix this issue.

AI Analysis

Forward authentication bypass with broken cookie

Basic Information

ID CVE-2026-25748

Source GitHub_M

Published Feb 12, 2026 at 19:36

Affected Product

Vendor goauthentik

Product authentik

Version >= 2025.10.0-rc1, < 2025.10.4

Affected Versions goauthentik authentik >= 2025.10.0-rc1, < 2025.10.4
goauthentik authentik >= 2025.10.0-rc1, < 2025.12.4

CWE Classification

CWE-287

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor goauthentik

Product authentik

Version 2025.10.0-rc1 to 2025.10.4, 2025.10.0-rc1 to 2025.12.4

References

{
    "lastseen": "",
    "description": "authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traefik or Caddy as reverse proxy. When a malicious cookie was used, none of the authentik-specific X-Authentik-* headers were set which depending on application can grant access to an attacker. authentik 2025.10.4 and 2025.12.4 fix this issue.",
    "published": "2026-02-12T19:36:45.631Z",
    "modified": "2026-02-12T19:36:45.631Z",
    "type": "cve",
    "title": "authentik has a forward authentication bypass with broken cookie",
    "source": "GitHub_M",
    "references": "https://github.com/goauthentik/authentik/security/advisories/GHSA-fj56-5763-j8pp\nhttps://github.com/goauthentik/authentik/releases/tag/version%2F2025.10.4\nhttps://github.com/goauthentik/authentik/releases/tag/version%2F2025.12.4",
    "id": "CVE-2026-25748",
    "bulletinFamily": "",
    "cwe": [
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "goauthentik authentik >= 2025.10.0-rc1, < 2025.10.4\ngoauthentik authentik >= 2025.10.0-rc1, < 2025.12.4",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "authentik",
    "version": ">= 2025.10.0-rc1, < 2025.10.4",
    "vendor": "goauthentik",
    "ai_description": "Forward authentication bypass with broken cookie",
    "ai_severity": "High",
    "ai_vendor": "goauthentik",
    "ai_product": "authentik",
    "ai_version": "2025.10.0-rc1 to 2025.10.4, 2025.10.0-rc1 to 2025.12.4",
    "ai_score": 8.6
}

authentik has a forward authentication bypass with broken cookie_CVE-2026-25748