Interpretation Conflict in authentik - CVE-2026-57580

 

Interpretation Conflict in authentik - CVE-2026-57580

Published: July 17, 2026


Vulnerability identifier: #VU138382
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-57580
CWE-ID: CWE-436
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Authentik Security Inc
Affected software:
authentik

Detailed vulnerability description

The vulnerability allows a remote attacker to authenticate as another user.

The vulnerability exists due to interpretation conflict in SAML NameID processing when handling a validly signed assertion containing an XML comment in the NameID. A remote attacker can insert an XML comment into a crafted NameID to authenticate as another user.

Only inbound SAML Sources configured with the non-default username or email user-matching mode are affected. Exploitation requires that the attacker has an account on the source IdP and can set their own NameID. The resulting account link persists for subsequent logins.


How to mitigate CVE-2026-57580

Install security update from vendor's website.

Sources