CVE-2026-40165 | goauthentik up to 2025.12.4/2026.2.2 NameID improper authentication (GHSA-9wj8-xv4r-qwrp)

A vulnerability categorized as critical has been discovered in goauthentik authentik up to 2025.12.4/2026.2.2. Impacted is an unknown function. The manipulation of the argument NameID results in improper authentication.

This vulnerability is cataloged as CVE-2026-40165. The attack may be launched remotely. There is no exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More