Improper access control in authentik - CVE-2026-55106
Published: July 17, 2026
authentik
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to improper access control in the LDAP Source debug API endpoint when handling diagnostic action requests. A remote attacker can send a crafted request to disclose sensitive information.
Only deployments with one or more LDAP Sources configured are vulnerable. The exposed data is limited to distinguished names of directory entries and the names of attributes present on them, but not attribute values.