CVE-2026-49448 | goauthentik up to 2025.12.5/2026.2.3/2026.5.0 improper authentication (GHSA-xp7f-xjjx-gwm8)

A vulnerability, which was classified as critical, was found in goauthentik authentik up to 2025.12.5/2026.2.3/2026.5.0. This affects an unknown part. Executing a manipulation can lead to improper authentication.

This vulnerability is tracked as CVE-2026-49448. The attack can be launched remotely. No exploit exists.

You should upgrade the affected component.VulDB Recent EntriesRead More