Improper access control in authentik - #VU131252
Published: May 12, 2026
Vulnerability identifier: #VU131252
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Authentik Security Inc
Affected software:
authentik
authentik
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to improper access control in the OAuth2/OpenID Connect provider configuration handling when processing the first authorization request for a provider with no redirect URIs configured. A remote attacker can send an authorization request with an attacker-controlled redirect_uri to disclose sensitive information.
User interaction is required to complete a legitimate OAuth2 flow after the redirect URI has been poisoned, and the impact extends to relying party applications because authorization codes can be redirected outside the identity provider's security scope.
Remediation
Install security update from vendor's website.