CVE-2026-49448 - authentik SourceStage empty POST bypass

authentik disclosed a critical authentication bypass in Source stages. When a Source stage is bound to a flow, the source exposes a ui_login_button, and an attacker can reach that Source stage, an empty POST can bypass the stage and effectively skip authentication at that source.

This is an identity-plane issue, not a routine package bump. A reviewer-ready fix needs to prove which authentik servers, workers, Helm charts, Compose stacks, outposts, blueprints, and Terraform-managed flows are actually controlled by the repository; whether any public authentication, enrollment, invitation, recovery, or application-launch flows bind Source stages; and how sessions, tokens, and downstream applications are handled after patching.

There is one public source nuance as of 2026-06-08. The GitHub and NVD records list 2026.5.1 as a patched version, but authentik’s 2026.5 release notes say 2026.5.1 was skipped and list GHSA-xp7f-xjjx-gwm8 under 2026.5.2. Treat 2026.5.2+ as the safe target on the 2026.5 line unless the deployment has a vendor-published 2026.5.1 artifact with matching advisory evidence.

When to use it

Use this recipe when a repository deploys, packages, configures, or manages authentik server, workers, outposts, Helm/Compose/Kubernetes artifacts, Terraform blueprints, flow definitions, or identity-provider runbooks. It is most important when public authentication, enrollment, invitation, recovery, or application-launch flows bind Source stages with ui_login_button enabled.

Use it to patch the identity plane, inventory reachable Source-backed flows, and document session/token/downstream relying-party actions. Do not use it to send empty POST probes to live login paths.

Inputs

  • Dockerfiles, Compose files, Helm values and locks, Kubernetes manifests, Terraform/Ansible, release scripts, generated manifests, image tags/digests, SBOMs, CI images, docs, and runbooks that reference authentik.
  • Resolved server, worker, and controlled outpost versions, including whether the selected line is 2025.12, 2026.2, or 2026.5.
  • Flow and source definitions from blueprints, fixtures, Terraform resources, seeds, exports, backups, docs, and tests: SourceStage, source bindings, ui_login_button, enrollment, invitation, recovery, authentication, and application-launch flows.
  • Reachability for flows through ingress, reverse proxies, outposts, public application links, partner networks, CDN routes, and internal users.
  • Operator session and relying-party context: web sessions, OAuth grants, refresh tokens, SAML sessions, proxy outpost sessions, downstream apps, audit logs, and revocation ownership.

Affected versions

  • Vulnerable product: authentik <=2025.12.5
  • Vulnerable product: authentik 2026.2.0 through 2026.2.3
  • Vulnerable product: authentik 2026.5.0
  • Fixed product: authentik 2025.12.6+, 2026.2.4+, or 2026.5.2+ where 2026.5.1 is unavailable or marked skipped in vendor release notes
  • Affected configuration: a Source stage bound to a reachable flow where the source exposes ui_login_button
  • Affected surface: authentik server login flows, source-backed authentication flows, enrollment or invitation flows, recovery flows, application launch flows, and downstream SSO relying parties that trust authentik authentication state

Indicator-of-exposure

  • The repository deploys or packages authentik server or worker images, Helm releases, Compose stacks, Kubernetes manifests, Terraform modules, Ansible roles, generated manifests, SBOMs, or release scripts.
  • Controlled image tags, chart versions, app versions, or generated dependency reports resolve to 2025.12.5 or earlier, 2026.2.0 through 2026.2.3, or 2026.5.0.
  • Flow blueprints, Terraform resources, fixtures, seeds, backups, or docs bind Source stages into authentication, enrollment, invitation, recovery, or application-launch flows.
  • The source shown in the flow exposes ui_login_button, meaning users can start that source directly from the flow UI.
  • Public or semi-public routes expose authentik flow executor endpoints through reverse proxies, ingress, outposts, load balancers, CDN rules, or published application links.
  • Downstream applications accept authentik sessions, OAuth/OIDC tokens, SAML assertions, proxy headers, or outpost decisions without an additional independent authentication or device check.
  • Server, worker, and outpost versions are not upgraded together even though authentik recommends keeping instance and outpost versions aligned.

Quick checks:

rg -n "authentik|goauthentik|ghcr.io/goauthentik|AUTHENTIK_TAG|authentik_version|chart.*authentik|helm.*authentik|ui_login_button|SourceStage|source stage|ak-source|flow|blueprint|outpost|proxy outpost" .
rg -n "2025\.12\.[0-5]|2026\.2\.[0-3]|2026\.5\.0|version/2025\.12|version/2026\.2|version/2026\.5" .
helm list -A | rg -i "authentik"
docker image ls | rg -i "authentik|goauthentik"
kubectl get deploy,statefulset,cronjob -A -o yaml | rg -i "authentik|goauthentik|2025\.12|2026\.2|2026\.5"

Windows:

rg -n "authentik|goauthentik|ghcr.io/goauthentik|AUTHENTIK_TAG|authentik_version|chart.*authentik|helm.*authentik|ui_login_button|SourceStage|source stage|ak-source|flow|blueprint|outpost|proxy outpost" .
rg -n "2025\.12\.[0-5]|2026\.2\.[0-3]|2026\.5\.0|version/2025\.12|version/2026\.2|version/2026\.5" .
helm list -A | rg -i "authentik"
docker image ls | rg -i "authentik|goauthentik"
kubectl get deploy,statefulset,cronjob -A -o yaml | rg -i "authentik|goauthentik|2025\.12|2026\.2|2026\.5"

Do not validate exposure by sending empty POSTs to live authentik flows, capturing real login traffic, bypassing SSO, impersonating users, dumping sessions, printing tokens, or probing customer-facing applications.

Remediation strategy

  • Upgrade every controlled authentik server and worker runtime to 2025.12.6+, 2026.2.4+, or 2026.5.2+ on the selected release line. Use 2026.5.2+ where release artifacts or release notes mark 2026.5.1 as skipped.
  • Pin explicit image tags or digests for ghcr.io/goauthentik/server, generated Compose files, Helm chart versions, rendered Kubernetes manifests, Terraform defaults, release templates, and SBOMs.
  • Keep authentik instance and outpost versions aligned during rollout, and document any separately managed proxy, LDAP, RAC, RADIUS, or agent outposts.
  • Inventory all Source stages bound to reachable flows. Record which sources expose ui_login_button, which flows are public, and which downstream apps trust the resulting authentik session or token.
  • If upgrade is temporarily blocked, remove Source stages with login buttons from public flows, disable affected external source buttons, or route users through an unaffected local authentication path with MFA until patched. Treat this only as containment.
  • After patching exposed public flows, invalidate authentik web sessions and review whether OAuth grants, refresh tokens, SAML sessions, proxy outpost sessions, or downstream application sessions should be revoked.
  • Review flow execution events, source login events, reverse-proxy logs, and downstream application sign-in events for anomalous empty POST attempts or unexpected source-stage completions. Avoid exporting raw cookies, tokens, headers, assertions, or user attributes into PR logs.
  • Add safe policy checks that prove fixed versions, rendered manifest consistency, Source-stage inventory coverage, outpost version alignment, session/token operator actions, and no exploit-like live POST probes.

The prompt

You are remediating CVE-2026-49448 / GHSA-xp7f-xjjx-gwm8, an authentik
Source stage authentication bypass where a reachable Source stage with a
`ui_login_button` can be bypassed by an empty POST. Produce exactly one output:

- A reviewer-ready PR/change request that upgrades every controlled authentik
  runtime, aligns server/worker/outpost deployment artifacts, audits public
  Source-stage-backed flows, adds safe validation, and documents session and
  downstream relying-party actions, or
- TRIAGE.md if this repository does not own an affected authentik runtime,
  flow definition, deployment artifact, outpost, or safe patch path.

## Rules

- Scope only CVE-2026-49448 / GHSA-xp7f-xjjx-gwm8 and directly related
  authentik server, worker, outpost, Source-stage, flow, session, token, and
  relying-party controls.
- Distinguish authentik server/runtime deployments from authentik API clients,
  Terraform providers, documentation-only integration guides, and externally
  owned identity-provider services.
- Treat cookies, sessions, OAuth grants, refresh tokens, SAML assertions,
  proxy headers, source configuration, user attributes, flow execution logs,
  reverse-proxy logs, downstream application logs, and identity-provider
  secrets as sensitive.
- Do not send empty POST probes to live authentik flows, bypass SSO, impersonate
  users, capture production login traffic, dump sessions, print tokens, export
  assertions, or probe customer-facing relying parties.
- Do not remove MFA, flow policies, login throttling, source restrictions,
  outpost checks, audit logging, or session controls to silence the alert.
- Do not auto-merge.

## Steps

1. Inventory all controlled authentik references in Dockerfiles, Compose files,
   Helm values, chart locks, Kubernetes manifests, Terraform, Ansible, release
   scripts, generated manifests, SBOMs, CI images, docs, and operator runbooks.
2. Determine every resolved authentik server and worker version. A target is
   vulnerable if it resolves to `<=2025.12.5`, `2026.2.0` through `2026.2.3`,
   or `2026.5.0`.
3. On the 2026.5 line, check vendor release evidence before pinning
   `2026.5.1`; authentik release notes mark that release skipped and list this
   GHSA under `2026.5.2`, so prefer `2026.5.2+` unless a maintained artifact
   proves otherwise.
4. Inventory outposts and sidecars: proxy, LDAP, RAC, RADIUS, agent, or custom
   outposts. Record whether they are repository-managed, authentik-managed, or
   externally managed, and keep versions aligned with the instance where this
   repository controls them.
5. Search for Source-stage and flow definitions in blueprints, fixtures,
   Terraform resources, database seeds, exports, backups, docs, and tests:
   `SourceStage`, `source stage`, `ui_login_button`, source bindings, flow
   bindings, authentication flows, enrollment flows, invitation flows, recovery
   flows, and application launch flows.
6. Identify which flows are reachable from the internet, internal users,
   partner networks, reverse proxies, ingress routes, outposts, CDN routes, or
   public application links.
7. If this repository only documents authentik, uses an authentik API client,
   or depends on an externally owned authentik service, stop with `TRIAGE.md`
   naming the owner, checked files, observed versions if known, Source-stage
   questions, and required fixed versions.
8. Upgrade vulnerable runtimes on the selected release line:
   - `2025.12.x` deployments to `2025.12.6+`;
   - `2026.2.x` deployments to `2026.2.4+`;
   - `2026.5.x` deployments to `2026.5.2+` unless vendor evidence proves a
     maintained `2026.5.1` artifact;
   - floating image tags to explicit patched tags or digests.
9. Refresh the repository's normal generated artifacts: lockfiles, Compose
   files, Helm chart locks, rendered manifests, Terraform defaults, SBOMs,
   image digests, deployment docs, release notes, and scanner baselines.
10. If rollout is delayed, add temporary containment that removes affected
    Source stages or source login buttons from public flows, routes users
    through an unaffected local authentication path with MFA, or blocks public
    access to the affected flow. Document residual risk and rollback steps.
11. Add safe validation checks:
    - rendered artifacts do not contain vulnerable authentik versions;
    - server, worker, and controlled outpost versions are aligned;
    - public flows with Source stages and `ui_login_button` are inventoried;
    - containment is explicit if a vulnerable runtime remains;
    - tests use mocked or local flow objects rather than live empty POST probes.
12. Add operator actions:
    - restart server, worker, and controlled outpost workloads;
    - invalidate authentik web sessions for exposed public flows;
    - decide whether OAuth grants, refresh tokens, SAML sessions, proxy outpost
      sessions, or downstream application sessions need revocation;
    - review audit and proxy logs without exposing raw cookies, tokens,
      headers, assertions, or user attributes.
13. Add a PR body section named `CVE-2026-49448 operator actions` that states:
    - authentik versions before and after;
    - whether `2026.5.1` was skipped or available in this deployment channel;
    - which server, worker, outpost, Helm, Compose, and Kubernetes artifacts
      were updated;
    - which Source stages and `ui_login_button` flows were found;
    - which flows are public or reachable by semi-trusted users;
    - which downstream applications trust authentik sessions or tokens;
    - which sessions, grants, tokens, or downstream sessions were revoked or
      intentionally left in place;
    - which validation commands passed.
14. Run available validation: config lint, Helm template rendering, Compose
    rendering, Terraform plan without secret output, unit tests for flow
    inventory helpers, policy checks, image/SBOM refresh, dependency/security
    scans, and non-secret smoke checks.
15. Use PR title:
    `fix(sec): remediate authentik SourceStage bypass`.

## Stop conditions

- No affected authentik server, worker, outpost, flow definition, image,
  chart, manifest, or deployment artifact is owned by this repository.
- The affected authentik service is owned by another team or vendor; name the
  owner and required fixed version in `TRIAGE.md`.
- A fixed authentik release cannot be consumed without a planned identity
  migration, maintenance window, or outpost coordination.
- Verification would require empty POST exploitation, production login probes,
  SSO bypass, user impersonation, session dumping, token printing, assertion
  export, or customer-facing relying-party probing.
- Validation fails for unrelated pre-existing reasons; document those failures
  instead of broadening scope.

Verification - what the reviewer looks for

  • Every controlled authentik server and worker runtime resolves to 2025.12.6+, 2026.2.4+, or 2026.5.2+ where 2026.5.1 is unavailable or skipped.
  • Compose files, Helm values, chart locks, rendered manifests, Terraform defaults, SBOMs, generated dependency reports, image tags, and image digests agree on the patched runtime.
  • Controlled outposts are aligned with the authentik instance version or the PR clearly names the external owner and rollout requirement.
  • The PR inventories reachable Source-stage-backed flows and identifies which sources expose ui_login_button.
  • Public authentication, enrollment, invitation, recovery, and application launch flows either run on patched authentik or have documented temporary containment.
  • Session, grant, token, outpost-session, and downstream relying-party actions are explicit enough for operators to execute after deployment.
  • Tests and validation do not send empty POSTs to live flows, bypass SSO, impersonate users, print cookies or tokens, or export SAML/OIDC assertions.

Watch for

  • Updating only the server image while the worker, Helm chart lock, Compose download URL, rendered manifests, SBOM, Terraform module, or docs still point at a vulnerable version.
  • Pinning 2026.5.1 from the advisory text while the deployment channel or release notes indicate the actual available fixed build is 2026.5.2+.
  • Assuming authentik is not exposed because the admin UI is private, while public login flows and application-launch links remain reachable.
  • Treating Source stages as safe because users normally click a source button; the vulnerable condition is a reachable stage plus an empty POST path.
  • Forgetting outposts, reverse proxies, or downstream applications that cache authentication state after the authentik instance is patched.
  • PR logs that include raw session cookies, OAuth tokens, SAML assertions, proxy authorization headers, or user attributes from identity logs.

Output contract

Return one of:

  • A reviewer-ready PR/change request that upgrades every controlled authentik runtime to the fixed release line, aligns server/worker/outpost artifacts, inventories reachable Source-stage-backed flows, adds safe validation, refreshes generated artifacts, and documents session, token, outpost, and downstream relying-party actions.
  • TRIAGE.md when no controlled affected authentik runtime, flow definition, deployment artifact, outpost, image, chart, or safe patch path exists.

The output must list versions before/after, whether 2026.5.1 is skipped or available in the deployment channel, artifacts updated, Source stages and ui_login_button flows found, public reachability, downstream applications, validation commands, and revocation/restart/review actions. It must not send empty POST probes, bypass SSO, impersonate users, dump sessions, print tokens, export assertions, or weaken MFA, policies, outpost checks, or audit logging.

References