HIGH
goauthentik
CVE published 2026-05-21
CVE-2026-40165
CVE-2026-40165 is a high-severity authentication bypass in authentik’s SAML login flow. According to the CVE description, an attacker who already has an account on a SAML Source and can influence their NameID value may be able to inject an XML comment into the NameID field, causing authentik to read only part of the value and potentially map the login to another user’s account. The issue is fixed in authe [truncated]
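To make the failure mode concrete, the following added Python example (written for this page, not authentik's own code, and making no claim about how authentik parses assertions internally) shows how an XML comment splits a NameID into several DOM text nodes, how a naive extractor that reads only the first text node then sees a truncated value, and how a strict extractor that refuses any non-text child avoids mapping the login to the wrong identity. The NameID snippets are constructed sample values.

```python
"""Added illustration of comment-split NameID handling (hypothetical code,
not taken from authentik or from the CVE advisory)."""
from xml.dom import minidom

# Constructed sample NameID elements; not copied from a real SAML assertion.
NAMEID_CLEAN = "<NameID>alice@example.org</NameID>"
NAMEID_WITH_COMMENT = "<NameID>alice<!--x-->@example.org</NameID>"


def nameid_first_text_node(xml: str) -> str:
    """Naive extraction: returns only the first child node's text.

    A comment inside the element produces Text("alice"), Comment("x"),
    Text("@example.org"); reading firstChild yields just "alice", so a
    lookup keyed on NameID could resolve to a different user.
    """
    elem = minidom.parseString(xml).documentElement
    return elem.firstChild.data


def nameid_strict(xml: str) -> str:
    """Hardened extraction: concatenate all text/CDATA children and reject a
    NameID that contains anything else (comments, child elements, PIs).

    Rejecting rather than silently joining makes the anomaly visible in logs
    and avoids guessing what the identity provider meant.
    """
    elem = minidom.parseString(xml).documentElement
    parts = []
    for child in elem.childNodes:
        if child.nodeType in (child.TEXT_NODE, child.CDATA_SECTION_NODE):
            parts.append(child.data)
        else:
            raise ValueError(
                f"NameID contains a {child.nodeName} node; rejecting assertion"
            )
    value = "".join(parts).strip()  # strip() assumes surrounding whitespace is insignificant
    if not value:
        raise ValueError("empty NameID")
    return value


if __name__ == "__main__":
    print("naive, clean:   ", nameid_first_text_node(NAMEID_CLEAN))
    print("naive, comment: ", nameid_first_text_node(NAMEID_WITH_COMMENT))
    print("strict, clean:  ", nameid_strict(NAMEID_CLEAN))
    try:
        nameid_strict(NAMEID_WITH_COMMENT)
    except ValueError as err:
        print("strict, comment:", err)
```

The strict variant is the check a relying party wants regardless of parser: any NameID whose element has children other than text nodes is treated as malformed and the assertion is refused, which also gives a clean signal for alerting on attempts.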