HIGH · CVE-2026-47201 · CNA: GitHub_M

CVE-2026-47201: authentik: XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user

authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed assertion to authenticate as another federated user. This issue has been patched in versions 2025.12.5, 2026.2.3, and 2026.5.1.

Metrics

  • CVSS v3.1: 8.5
  • Severity: HIGH
  • Fixed in: 2025.12.5, 2026.2.3, 2026.5.1
  • Affected Products: 1


HarborGuard Analysis

Synopsis

CVE-2026-47201 is an XML Signature Wrapping (XSW) authentication bypass in authentik, an open-source identity provider, affecting the SAML Source ACS endpoint. The flaw is reachable over the network and requires only a low-privilege account at an upstream identity provider; no victim interaction is needed. A successful attacker reuses a legitimately signed SAML assertion to authenticate as any other federated user, gaining full access under that user's identity. Fix versions 2025.12.5, 2026.2.3, and 2026.5.1 have been published, and a patched-image rebuild is available on HarborGuard for affected environments.

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-47201 is available across every HarborGuard environment; the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built images that package authentik. Coverage applies to images in both connected registries and active CI/CD pipelines.

Triage: Available

HarborGuard scores this finding at CVSS 8.5 HIGH (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) and applies per-environment compliance policy weighting before routing the alert to the appropriate team inbox within each customer organization.

Patch: Pending upstream

A patched-image rebuild at versions 2025.12.5, 2026.2.3, or 2026.5.1 is available on HarborGuard for any environment found running an affected authentik image. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the authentik SAML ACS endpoint over the network to submit a crafted SAML response.

  • Authentication: Required

    The attacker must hold any valid account at the upstream identity provider; a low-privilege account is sufficient.

  • Victim interaction: Not required

    No victim action is needed; the attacker submits the forged assertion directly to the ACS endpoint.

  • Attack complexity: Detail

    Exploitation is rated AC:H, meaning the attacker must carefully craft the XML structure to wrap a legitimately signed assertion around a malicious one, which requires non-trivial knowledge of the target's SAML configuration.
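As an added, defender-side illustration (not authentik's code and not the upstream fix), the Python check below shows the structural binding a SAML consumer must enforce against XSW: the Assertion whose NameID it trusts must be exactly the element the signature's Reference covers, and that element must be unique and directly under the Response. It assumes cryptographic verification of the signature happens separately, and the sample message is constructed, not a real IdP response.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

class SignatureBindingError(ValueError):
    """The Assertion the consumer would trust is not the element the signature covers."""

def select_signed_assertion(response_xml: str) -> ET.Element:
    """Return the one Assertion bound to its enveloped signature's Reference.
    Structural half of the XSW defence; cryptographic verification of the
    signature is assumed to happen separately and is not shown here."""
    root = ET.fromstring(response_xml)
    assertions = root.findall(".//saml:Assertion", NS)
    if len(assertions) != 1:  # a second Assertion anywhere is how a wrapped one borrows the signature
        raise SignatureBindingError(f"expected exactly one Assertion, found {len(assertions)}")
    assertion = assertions[0]
    if assertion not in list(root):  # must sit directly under Response, not inside a wrapper element
        raise SignatureBindingError("Assertion is not a direct child of Response")
    signatures = assertion.findall("ds:Signature", NS)
    if len(signatures) != 1:
        raise SignatureBindingError("Assertion must carry exactly one enveloped Signature")
    ref = signatures[0].find("ds:SignedInfo/ds:Reference", NS)
    uri = ref.get("URI", "") if ref is not None else ""
    if uri != "#" + (assertion.get("ID") or ""):
        raise SignatureBindingError(f"Reference {uri!r} does not point at the consumed Assertion")
    if sum(1 for el in root.iter() if el.get("ID") == assertion.get("ID")) != 1:
        raise SignatureBindingError("Assertion ID is not unique, so ID lookup would be ambiguous")
    return assertion

def federated_name_id(response_xml: str) -> str:
    """Identity to log in as, read only from the signature-bound Assertion."""
    name_id = select_signed_assertion(response_xml).find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise SignatureBindingError("signed Assertion carries no NameID")
    return name_id.text.strip()

def is_safely_bound(response_xml: str) -> bool:
    try:
        return bool(federated_name_id(response_xml))
    except (SignatureBindingError, ET.ParseError):
        return False

# Constructed sample (not a real authentik or IdP message): one Assertion, signature bound by ID.
GOOD = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_r1"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion ID="_a1"><ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
    <saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject></saml:Assertion>
</samlp:Response>"""
```

The check rejects any response in which a second Assertion, a relocated Assertion, or a mismatched Reference URI could let the consumer read a NameID from an element the signature never covered.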

Blast Radius

  • Reads all data accessible to the impersonated federated user, including session tokens, profile attributes, and any resources governed by authentik's authorization policies.
  • Modifies account data or application state on behalf of the impersonated user, including group memberships and application-level records if the downstream application trusts authentik-issued sessions.
  • Disrupts the impersonated user's active sessions by taking over their identity and locking them out or altering their credentials.
  • The scope is marked Changed (S:C), meaning impact extends beyond authentik itself to downstream applications and services that rely on it for authentication.

How HarborGuard Handles This

Available on HarborGuard: detection of CVE-2026-47201 is active the moment the advisory is ingested, and rebuilt images pinned to the patched releases (2025.12.5, 2026.2.3, or 2026.5.1) are available for affected environments. For customers with auto-remediation enabled, HarborGuard rebuilds the image, runs a regression test pass, and opens a pull request against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in environments with auto-remediation enabled. Where compliance policy does not permit automated remediation, the finding is routed to the designated team inbox with full CVSS context and remediation guidance. Until a patched image is deployed, compensating controls include restricting network access to the SAML ACS endpoint to known upstream IdP IP ranges via network policy, and auditing recent SAML authentication events for unexpected cross-user assertions.

Affected packages
  • goauthentik / authentik
    < 2025.12.5 · < 2026.2.3 · < 2026.5.1
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H