CVE-2026-42849: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in goauthentik authentik
authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE (Simple Flow Executor) in order to make the interface more compatible with legacy browsers, it was possible to use an XSS exploit in the AutosubmitStage. This issue has been patched in versions 2025.12.5 and 2026.2.3.
AI Analysis
Technical Summary
authentik versions prior to 2025.12.5 and 2026.2.3 contain a CWE-79 cross-site scripting vulnerability in the AutosubmitStage of the Simple Flow Executor. This vulnerability arises from improper input neutralization during web page generation, enabling an attacker to inject malicious scripts. The flaw was introduced to maintain compatibility with legacy browsers. The vulnerability is critical with a CVSS 3.1 score of 9.3 and has been addressed by patches in the specified versions.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected authentik web interface, potentially leading to disclosure or modification of sensitive information. The vulnerability impacts confidentiality and integrity but does not affect availability. No known active exploitation has been reported.
Mitigation Recommendations
A patch is available and should be applied by upgrading authentik to version 2025.12.5 or later, or 2026.2.3 or later. Since this is not a cloud service, users must manually update to the fixed versions to remediate the vulnerability. Patch status is confirmed by the vendor advisory indicating the issue is fixed in these versions.
CVE-2026-42849: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in goauthentik authentik
Description
authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE (Simple Flow Executor) in order to make the interface more compatible with legacy browsers, it was possible to use an XSS exploit in the AutosubmitStage. This issue has been patched in versions 2025.12.5 and 2026.2.3.
CVSS v3.1
Score 9.3critical
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
authentik versions prior to 2025.12.5 and 2026.2.3 contain a CWE-79 cross-site scripting vulnerability in the AutosubmitStage of the Simple Flow Executor. This vulnerability arises from improper input neutralization during web page generation, enabling an attacker to inject malicious scripts. The flaw was introduced to maintain compatibility with legacy browsers. The vulnerability is critical with a CVSS 3.1 score of 9.3 and has been addressed by patches in the specified versions.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the affected authentik web interface, potentially leading to disclosure or modification of sensitive information. The vulnerability impacts confidentiality and integrity but does not affect availability. No known active exploitation has been reported.
Mitigation Recommendations
A patch is available and should be applied by upgrading authentik to version 2025.12.5 or later, or 2026.2.3 or later. Since this is not a cloud service, users must manually update to the fixed versions to remediate the vulnerability. Patch status is confirmed by the vendor advisory indicating the issue is fixed in these versions.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-30T16:44:48.378Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a1f41c3e29bf47b5000d19e
Added to database: 6/2/2026, 8:49:07 PM
Last enriched: 6/2/2026, 9:03:53 PM
Last updated: 6/3/2026, 4:58:22 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.