Interpretation Conflict in authentik - CVE-2026-57580
Published: July 17, 2026
authentik
Detailed vulnerability description
The vulnerability allows a remote attacker to authenticate as another user.
The vulnerability exists due to interpretation conflict in SAML NameID processing when handling a validly signed assertion containing an XML comment in the NameID. A remote attacker can insert an XML comment into a crafted NameID to authenticate as another user.
Only inbound SAML Sources configured with the non-default username or email user-matching mode are affected. Exploitation requires that the attacker has an account on the source IdP and can set their own NameID. The resulting account link persists for subsequent logins.