CVE-2026-49448 - authentik SourceStage empty POST bypass
authentik disclosed a critical authentication bypass in Source stages. When a
Source stage is bound to a flow, the source exposes a ui_login_button, and an
attacker can reach that Source stage, an empty POST can bypass the stage and
effectively skip authentication at that source.
This is an identity-plane issue, not a routine package bump. A reviewer-ready fix needs to prove which authentik servers, workers, Helm charts, Compose stacks, outposts, blueprints, and Terraform-managed flows are actually controlled by the repository; whether any public authentication, enrollment, invitation, recovery, or application-launch flows bind Source stages; and how sessions, tokens, and downstream applications are handled after patching.
There is one public source nuance as of 2026-06-08. The GitHub and NVD records
list 2026.5.1 as a patched version, but authentik’s 2026.5 release notes say
2026.5.1 was skipped and list GHSA-xp7f-xjjx-gwm8 under 2026.5.2. Treat
2026.5.2+ as the safe target on the 2026.5 line unless the deployment has a
vendor-published 2026.5.1 artifact with matching advisory evidence.
When to use it
Use this recipe when a repository deploys, packages, configures, or manages
authentik server, workers, outposts, Helm/Compose/Kubernetes artifacts,
Terraform blueprints, flow definitions, or identity-provider runbooks. It is
most important when public authentication, enrollment, invitation, recovery, or
application-launch flows bind Source stages with ui_login_button enabled.
Use it to patch the identity plane, inventory reachable Source-backed flows, and document session/token/downstream relying-party actions. Do not use it to send empty POST probes to live login paths.
Inputs
- Dockerfiles, Compose files, Helm values and locks, Kubernetes manifests, Terraform/Ansible, release scripts, generated manifests, image tags/digests, SBOMs, CI images, docs, and runbooks that reference authentik.
- Resolved server, worker, and controlled outpost versions, including whether
the selected line is
2025.12,2026.2, or2026.5. - Flow and source definitions from blueprints, fixtures, Terraform resources,
seeds, exports, backups, docs, and tests:
SourceStage, source bindings,ui_login_button, enrollment, invitation, recovery, authentication, and application-launch flows. - Reachability for flows through ingress, reverse proxies, outposts, public application links, partner networks, CDN routes, and internal users.
- Operator session and relying-party context: web sessions, OAuth grants, refresh tokens, SAML sessions, proxy outpost sessions, downstream apps, audit logs, and revocation ownership.
Affected versions
- Vulnerable product:
authentik <=2025.12.5 - Vulnerable product:
authentik 2026.2.0 through 2026.2.3 - Vulnerable product:
authentik 2026.5.0 - Fixed product:
authentik 2025.12.6+,2026.2.4+, or2026.5.2+where2026.5.1is unavailable or marked skipped in vendor release notes - Affected configuration: a Source stage bound to a reachable flow where
the source exposes
ui_login_button - Affected surface: authentik server login flows, source-backed authentication flows, enrollment or invitation flows, recovery flows, application launch flows, and downstream SSO relying parties that trust authentik authentication state
Indicator-of-exposure
- The repository deploys or packages authentik server or worker images, Helm releases, Compose stacks, Kubernetes manifests, Terraform modules, Ansible roles, generated manifests, SBOMs, or release scripts.
- Controlled image tags, chart versions, app versions, or generated dependency
reports resolve to
2025.12.5or earlier,2026.2.0through2026.2.3, or2026.5.0. - Flow blueprints, Terraform resources, fixtures, seeds, backups, or docs bind Source stages into authentication, enrollment, invitation, recovery, or application-launch flows.
- The source shown in the flow exposes
ui_login_button, meaning users can start that source directly from the flow UI. - Public or semi-public routes expose authentik flow executor endpoints through reverse proxies, ingress, outposts, load balancers, CDN rules, or published application links.
- Downstream applications accept authentik sessions, OAuth/OIDC tokens, SAML assertions, proxy headers, or outpost decisions without an additional independent authentication or device check.
- Server, worker, and outpost versions are not upgraded together even though authentik recommends keeping instance and outpost versions aligned.
Quick checks:
rg -n "authentik|goauthentik|ghcr.io/goauthentik|AUTHENTIK_TAG|authentik_version|chart.*authentik|helm.*authentik|ui_login_button|SourceStage|source stage|ak-source|flow|blueprint|outpost|proxy outpost" .
rg -n "2025\.12\.[0-5]|2026\.2\.[0-3]|2026\.5\.0|version/2025\.12|version/2026\.2|version/2026\.5" .
helm list -A | rg -i "authentik"
docker image ls | rg -i "authentik|goauthentik"
kubectl get deploy,statefulset,cronjob -A -o yaml | rg -i "authentik|goauthentik|2025\.12|2026\.2|2026\.5"
Windows:
rg -n "authentik|goauthentik|ghcr.io/goauthentik|AUTHENTIK_TAG|authentik_version|chart.*authentik|helm.*authentik|ui_login_button|SourceStage|source stage|ak-source|flow|blueprint|outpost|proxy outpost" .
rg -n "2025\.12\.[0-5]|2026\.2\.[0-3]|2026\.5\.0|version/2025\.12|version/2026\.2|version/2026\.5" .
helm list -A | rg -i "authentik"
docker image ls | rg -i "authentik|goauthentik"
kubectl get deploy,statefulset,cronjob -A -o yaml | rg -i "authentik|goauthentik|2025\.12|2026\.2|2026\.5"
Do not validate exposure by sending empty POSTs to live authentik flows, capturing real login traffic, bypassing SSO, impersonating users, dumping sessions, printing tokens, or probing customer-facing applications.
Remediation strategy
- Upgrade every controlled authentik server and worker runtime to
2025.12.6+,2026.2.4+, or2026.5.2+on the selected release line. Use2026.5.2+where release artifacts or release notes mark2026.5.1as skipped. - Pin explicit image tags or digests for
ghcr.io/goauthentik/server, generated Compose files, Helm chart versions, rendered Kubernetes manifests, Terraform defaults, release templates, and SBOMs. - Keep authentik instance and outpost versions aligned during rollout, and document any separately managed proxy, LDAP, RAC, RADIUS, or agent outposts.
- Inventory all Source stages bound to reachable flows. Record which sources
expose
ui_login_button, which flows are public, and which downstream apps trust the resulting authentik session or token. - If upgrade is temporarily blocked, remove Source stages with login buttons from public flows, disable affected external source buttons, or route users through an unaffected local authentication path with MFA until patched. Treat this only as containment.
- After patching exposed public flows, invalidate authentik web sessions and review whether OAuth grants, refresh tokens, SAML sessions, proxy outpost sessions, or downstream application sessions should be revoked.
- Review flow execution events, source login events, reverse-proxy logs, and downstream application sign-in events for anomalous empty POST attempts or unexpected source-stage completions. Avoid exporting raw cookies, tokens, headers, assertions, or user attributes into PR logs.
- Add safe policy checks that prove fixed versions, rendered manifest consistency, Source-stage inventory coverage, outpost version alignment, session/token operator actions, and no exploit-like live POST probes.
The prompt
You are remediating CVE-2026-49448 / GHSA-xp7f-xjjx-gwm8, an authentik
Source stage authentication bypass where a reachable Source stage with a
`ui_login_button` can be bypassed by an empty POST. Produce exactly one output:
- A reviewer-ready PR/change request that upgrades every controlled authentik
runtime, aligns server/worker/outpost deployment artifacts, audits public
Source-stage-backed flows, adds safe validation, and documents session and
downstream relying-party actions, or
- TRIAGE.md if this repository does not own an affected authentik runtime,
flow definition, deployment artifact, outpost, or safe patch path.
## Rules
- Scope only CVE-2026-49448 / GHSA-xp7f-xjjx-gwm8 and directly related
authentik server, worker, outpost, Source-stage, flow, session, token, and
relying-party controls.
- Distinguish authentik server/runtime deployments from authentik API clients,
Terraform providers, documentation-only integration guides, and externally
owned identity-provider services.
- Treat cookies, sessions, OAuth grants, refresh tokens, SAML assertions,
proxy headers, source configuration, user attributes, flow execution logs,
reverse-proxy logs, downstream application logs, and identity-provider
secrets as sensitive.
- Do not send empty POST probes to live authentik flows, bypass SSO, impersonate
users, capture production login traffic, dump sessions, print tokens, export
assertions, or probe customer-facing relying parties.
- Do not remove MFA, flow policies, login throttling, source restrictions,
outpost checks, audit logging, or session controls to silence the alert.
- Do not auto-merge.
## Steps
1. Inventory all controlled authentik references in Dockerfiles, Compose files,
Helm values, chart locks, Kubernetes manifests, Terraform, Ansible, release
scripts, generated manifests, SBOMs, CI images, docs, and operator runbooks.
2. Determine every resolved authentik server and worker version. A target is
vulnerable if it resolves to `<=2025.12.5`, `2026.2.0` through `2026.2.3`,
or `2026.5.0`.
3. On the 2026.5 line, check vendor release evidence before pinning
`2026.5.1`; authentik release notes mark that release skipped and list this
GHSA under `2026.5.2`, so prefer `2026.5.2+` unless a maintained artifact
proves otherwise.
4. Inventory outposts and sidecars: proxy, LDAP, RAC, RADIUS, agent, or custom
outposts. Record whether they are repository-managed, authentik-managed, or
externally managed, and keep versions aligned with the instance where this
repository controls them.
5. Search for Source-stage and flow definitions in blueprints, fixtures,
Terraform resources, database seeds, exports, backups, docs, and tests:
`SourceStage`, `source stage`, `ui_login_button`, source bindings, flow
bindings, authentication flows, enrollment flows, invitation flows, recovery
flows, and application launch flows.
6. Identify which flows are reachable from the internet, internal users,
partner networks, reverse proxies, ingress routes, outposts, CDN routes, or
public application links.
7. If this repository only documents authentik, uses an authentik API client,
or depends on an externally owned authentik service, stop with `TRIAGE.md`
naming the owner, checked files, observed versions if known, Source-stage
questions, and required fixed versions.
8. Upgrade vulnerable runtimes on the selected release line:
- `2025.12.x` deployments to `2025.12.6+`;
- `2026.2.x` deployments to `2026.2.4+`;
- `2026.5.x` deployments to `2026.5.2+` unless vendor evidence proves a
maintained `2026.5.1` artifact;
- floating image tags to explicit patched tags or digests.
9. Refresh the repository's normal generated artifacts: lockfiles, Compose
files, Helm chart locks, rendered manifests, Terraform defaults, SBOMs,
image digests, deployment docs, release notes, and scanner baselines.
10. If rollout is delayed, add temporary containment that removes affected
Source stages or source login buttons from public flows, routes users
through an unaffected local authentication path with MFA, or blocks public
access to the affected flow. Document residual risk and rollback steps.
11. Add safe validation checks:
- rendered artifacts do not contain vulnerable authentik versions;
- server, worker, and controlled outpost versions are aligned;
- public flows with Source stages and `ui_login_button` are inventoried;
- containment is explicit if a vulnerable runtime remains;
- tests use mocked or local flow objects rather than live empty POST probes.
12. Add operator actions:
- restart server, worker, and controlled outpost workloads;
- invalidate authentik web sessions for exposed public flows;
- decide whether OAuth grants, refresh tokens, SAML sessions, proxy outpost
sessions, or downstream application sessions need revocation;
- review audit and proxy logs without exposing raw cookies, tokens,
headers, assertions, or user attributes.
13. Add a PR body section named `CVE-2026-49448 operator actions` that states:
- authentik versions before and after;
- whether `2026.5.1` was skipped or available in this deployment channel;
- which server, worker, outpost, Helm, Compose, and Kubernetes artifacts
were updated;
- which Source stages and `ui_login_button` flows were found;
- which flows are public or reachable by semi-trusted users;
- which downstream applications trust authentik sessions or tokens;
- which sessions, grants, tokens, or downstream sessions were revoked or
intentionally left in place;
- which validation commands passed.
14. Run available validation: config lint, Helm template rendering, Compose
rendering, Terraform plan without secret output, unit tests for flow
inventory helpers, policy checks, image/SBOM refresh, dependency/security
scans, and non-secret smoke checks.
15. Use PR title:
`fix(sec): remediate authentik SourceStage bypass`.
## Stop conditions
- No affected authentik server, worker, outpost, flow definition, image,
chart, manifest, or deployment artifact is owned by this repository.
- The affected authentik service is owned by another team or vendor; name the
owner and required fixed version in `TRIAGE.md`.
- A fixed authentik release cannot be consumed without a planned identity
migration, maintenance window, or outpost coordination.
- Verification would require empty POST exploitation, production login probes,
SSO bypass, user impersonation, session dumping, token printing, assertion
export, or customer-facing relying-party probing.
- Validation fails for unrelated pre-existing reasons; document those failures
instead of broadening scope.
Verification - what the reviewer looks for
- Every controlled authentik server and worker runtime resolves to
2025.12.6+,2026.2.4+, or2026.5.2+where2026.5.1is unavailable or skipped. - Compose files, Helm values, chart locks, rendered manifests, Terraform defaults, SBOMs, generated dependency reports, image tags, and image digests agree on the patched runtime.
- Controlled outposts are aligned with the authentik instance version or the PR clearly names the external owner and rollout requirement.
- The PR inventories reachable Source-stage-backed flows and identifies which
sources expose
ui_login_button. - Public authentication, enrollment, invitation, recovery, and application launch flows either run on patched authentik or have documented temporary containment.
- Session, grant, token, outpost-session, and downstream relying-party actions are explicit enough for operators to execute after deployment.
- Tests and validation do not send empty POSTs to live flows, bypass SSO, impersonate users, print cookies or tokens, or export SAML/OIDC assertions.
Watch for
- Updating only the server image while the worker, Helm chart lock, Compose download URL, rendered manifests, SBOM, Terraform module, or docs still point at a vulnerable version.
- Pinning
2026.5.1from the advisory text while the deployment channel or release notes indicate the actual available fixed build is2026.5.2+. - Assuming authentik is not exposed because the admin UI is private, while public login flows and application-launch links remain reachable.
- Treating Source stages as safe because users normally click a source button; the vulnerable condition is a reachable stage plus an empty POST path.
- Forgetting outposts, reverse proxies, or downstream applications that cache authentication state after the authentik instance is patched.
- PR logs that include raw session cookies, OAuth tokens, SAML assertions, proxy authorization headers, or user attributes from identity logs.
Output contract
Return one of:
- A reviewer-ready PR/change request that upgrades every controlled authentik runtime to the fixed release line, aligns server/worker/outpost artifacts, inventories reachable Source-stage-backed flows, adds safe validation, refreshes generated artifacts, and documents session, token, outpost, and downstream relying-party actions.
TRIAGE.mdwhen no controlled affected authentik runtime, flow definition, deployment artifact, outpost, image, chart, or safe patch path exists.
The output must list versions before/after, whether 2026.5.1 is skipped or
available in the deployment channel, artifacts updated, Source stages and
ui_login_button flows found, public reachability, downstream applications,
validation commands, and revocation/restart/review actions. It must not send
empty POST probes, bypass SSO, impersonate users, dump sessions, print tokens,
export assertions, or weaken MFA, policies, outpost checks, or audit logging.
Related recipes
- Source-code authz tenant boundary audit
- CVE intelligence intake gate
- Critical infrastructure secure context
References
- authentik vendor advisory: https://github.com/goauthentik/authentik/security/advisories/GHSA-xp7f-xjjx-gwm8
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-49448
- authentik 2026.5 release notes: https://docs.goauthentik.io/releases/2026.5/
- authentik 2026.2 release notes: https://docs.goauthentik.io/releases/2026.2
- authentik 2025.12 release notes: https://docs.goauthentik.io/releases/2025.12/