BIT-authentik-2026-40172

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/authentik/BIT-authentik-2026-40172.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-authentik-2026-40172

Aliases

CVE-2026-40172

Published

2026-06-01T11:37:28.782Z

Modified

2026-06-01T14:30:04.594435632Z

Summary

authentik: Privilege Escalation via User PATCH: Superuser Group Assignment Bypasses enable_group_superuser

Details

authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0 through 2026.2.2, the PATCH /api/v3/core/users/{pk}/ API allows a caller with changeuser on a target user to assign arbitrary groups through UserSerializer, including groups with issuperuser=True, without requiring enablegroupsuperuser, leading to privilege escalation. This bypasses the stricter permission model enforced in group-management paths and enables delegated user-management permissions to escalate target users to administrator-equivalent privilege. Users with permissions to update groups or permissions to update users are able to add themselves or other users they have permissions on to users which have superuser permissions. This issue has been fixed in versions 22025.12.5 and 2026.2.3.

Database specific

{
    "severity": "High",
    "cpes": [
        "cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*"
    ]
}

References

Affected packages

Bitnami / authentik

Package

Name: authentik
Purl: pkg:bitnami/authentik

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2025.12.5

Introduced

2026.2.0

Fixed

2026.2.3

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/authentik/BIT-authentik-2026-40172.json"