Skip to main content

authentik CVE-2026-40165

HIGH
XML Injection (aka Blind XPath Injection) (CWE-91)
2026-05-21 security-advisories@github.com
8.7
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.7 HIGH
AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
May 21, 2026 - 00:28 vuln.today
Analysis Generated
May 21, 2026 - 00:28 vuln.today

DescriptionGitHub Advisory

authentik is an open-source identity provider. Versions 2025.12.4 and prior, and versions 2026.2.0-rc1 through 2026.2.2 were vulnerable to Authentication Bypass through SAML NameID XML Comment Injection. Due to how authentik extracted the NameID value from a SAML assertion, it was possible for an attacker to trick authentik into only seeing a part of the NameID value, potentially allowing an attacker to gain access to other accounts. This issue could be exploited on an authentik instance with a SAML Source, where the attacker had an account on the SAML Source and the ability to modify their NameID value (commonly username or E-mail), and XML Signing was enabled. The attacker could modify the SAML assertion given to authentik by injecting a comment within the NameID value, which effectively truncated the NameID value to the snippet before the comment, and gave the attacker access to any user account. This issue has been fixed in versions 2025.12.5 and 2026.2.3.

AnalysisAI

Authentication bypass in authentik identity provider allows attackers with an account on a federated SAML Source to impersonate arbitrary users by injecting an XML comment into the NameID value of a signed SAML assertion. Affected versions are 2025.12.4 and prior, plus 2026.2.0-rc1 through 2026.2.2; the GitHub Security Advisory GHSA-9wj8-xv4r-qwrp confirms the issue with a CVSS 8.7 (High) score, and no public exploit is identified at time of analysis though the upstream commit and a regression test demonstrate the truncation behavior.

Technical ContextAI

authentik is an open-source identity provider written in Python that supports federated authentication via SAML Sources. The root cause maps to CWE-91 (XML Injection / Improper Neutralization of Special Elements in Output) in authentik/sources/saml/processors/response.py: the _get_name_id() helper previously returned the NameID element and downstream code read its .text attribute, which in lxml returns only the text content up to the first child node - including an XML comment node. When an attacker submits an assertion like '<NameID>admin<!--x-->@evil.com</NameID>', the cryptographic signature remains valid because the comment is part of the canonicalized signed XML, but .text returns only 'admin', causing authentik to match a different user than the IdP actually asserted. The fix changes the helper to return ''.join(name_id.itertext()), which concatenates all text segments while ignoring comment nodes, yielding the full string the IdP signed.

Affected ProductsAI

Affected: authentik versions 2025.12.4 and earlier, and the 2026.2 release candidate series 2026.2.0-rc1 through 2026.2.2, when configured with at least one SAML Source that has XML Signing enabled. No CPE strings were supplied in the input. Vendor advisory: https://github.com/goauthentik/authentik/security/advisories/GHSA-9wj8-xv4r-qwrp; fix commit: https://github.com/goauthentik/authentik/commit/47dec5c6b7fb4a62bfad2ae8bddf002bde7ba774; release tag: https://github.com/goauthentik/authentik/releases/tag/version/2025.12.5.

RemediationAI

Vendor-released patch: upgrade to authentik 2025.12.5 (stable) or 2026.2.3 (release candidate line) per https://github.com/goauthentik/authentik/releases/tag/version/2025.12.5 and the GHSA-9wj8-xv4r-qwrp advisory. If immediate upgrade is not possible, the vendor-supplied workaround is to attach a SAML Source property mapping to every SAML Source containing the expression 'if name_id.text != "".join(name_id.itertext()): raise ValueError("Mismatched NameID")' followed by 'return {}', which rejects any assertion whose NameID contains comment or child nodes - note this hard-fails logins for any IdP that legitimately emits such structures, which is rare but should be regression-tested. As a temporary compensating control, disable SAML Sources whose upstream IdP lets users freely choose their NameID (self-service username/email change) until the upgrade is applied; sources backed by tightly-controlled directories are at lower practical risk.

Share

CVE-2026-40165 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy