CVE-2026-25227 Overview
A critical code injection vulnerability has been identified in authentik, an open-source identity provider. The flaw exists in the property mapping and expression policy test endpoints, which are designed to preview how these configurations work. Users with delegated permissions to view Property Mapping or Expression Policy can exploit this test endpoint to execute arbitrary code within the authentik server container.
This vulnerability affects authentik versions from 2021.3.1 through versions prior to 2025.8.6, 2025.10.4, and 2025.12.4. The issue stems from improper input sanitization in the expression evaluator component, allowing authenticated users with specific view permissions to escalate their access and achieve remote code execution.
Critical Impact
Authenticated users with delegated view permissions can execute arbitrary code on the authentik server, potentially leading to complete system compromise, data exfiltration, or lateral movement within the network infrastructure.
Affected Products
- authentik versions from 2021.3.1 to before 2025.8.6
- authentik versions from 2021.3.1 to before 2025.10.4
- authentik versions from 2021.3.1 to before 2025.12.4
Discovery Timeline
- February 12, 2026 - CVE-2026-25227 published to NVD
- February 12, 2026 - Last updated in NVD database
Technical Details for CVE-2026-25227
Vulnerability Analysis
This vulnerability is classified as CWE-94 (Improper Control of Generation of Code / Code Injection). The flaw resides in the expression evaluator component of authentik, specifically in how user-supplied arguments are sanitized before being processed by the test endpoint.
The test endpoint functionality is designed to allow administrators to preview how property mappings and expression policies will behave. However, the input sanitization mechanism was insufficient, allowing users with the Can view * Property Mapping or Can view Expression Policy permission to craft malicious inputs that bypass the sanitization and execute arbitrary code within the server container context.
The network-accessible nature of this vulnerability combined with the ability to achieve code execution with changed scope makes this particularly dangerous, as a compromised authentik instance could impact all applications and services that rely on it for identity management.
Root Cause
The root cause lies in the sanitize_arg function within authentik/lib/expression/evaluator.py. The original implementation used a simple regex substitution to sanitize argument names, which proved insufficient to prevent code injection attacks. The fix introduces an additional slugify() function call that provides more robust input sanitization by converting the argument to a URL-safe slug format before applying the regex substitution.
Attack Vector
The attack vector requires network access to the authentik instance and authenticated access with delegated permissions. An attacker would need:
- Valid credentials with delegated permissions that include Can view * Property Mapping or Can view Expression Policy
- Access to the property mapping or expression policy test endpoint
- Crafted malicious input designed to bypass the original regex-based sanitization
Once these conditions are met, the attacker can inject and execute arbitrary Python code within the authentik server container, potentially gaining access to sensitive configuration data, secrets, and the ability to manipulate identity and access management decisions.
# Security patch from authentik/lib/expression/evaluator.py
# Source: https://github.com/goauthentik/authentik/commit/c691afaef164cf73c10a26a944ef2f11dbb1ac80
def sanitize_arg(arg_name: str) -> str:
- return re.sub(ARG_SANITIZE, "_", arg_name)
+ return re.sub(ARG_SANITIZE, "_", slugify(arg_name))
class BaseEvaluator:
Detection Methods for CVE-2026-25227
Indicators of Compromise
- Unusual API calls to property mapping or expression policy test endpoints from non-administrative users
- Unexpected process execution or network connections originating from the authentik container
- Log entries showing access to test endpoints by users with only delegated view permissions
- Evidence of data exfiltration or lateral movement attempts from the authentik server
Detection Strategies
- Monitor authentik access logs for requests to property mapping and expression policy test endpoints
- Implement alerting for users with delegated permissions accessing administrative test functionality
- Deploy runtime application security monitoring to detect code injection attempts
- Review audit logs for permission escalation patterns or unusual user activity
Monitoring Recommendations
- Enable detailed logging for all authentik API endpoints, particularly those related to property mappings and expression policies
- Configure SIEM rules to correlate access attempts to test endpoints with user permission levels
- Implement container runtime security monitoring to detect anomalous code execution within the authentik container
- Establish baseline behavior for test endpoint usage and alert on deviations
How to Mitigate CVE-2026-25227
Immediate Actions Required
- Upgrade authentik to version 2025.8.6, 2025.10.4, or 2025.12.4 immediately
- Review and audit all users with delegated Can view * Property Mapping or Can view Expression Policy permissions
- Monitor for any indicators of compromise on systems running vulnerable authentik versions
- Consider temporarily restricting access to test endpoints until patches can be applied
Patch Information
Security patches have been released for all supported authentik branches. Organizations should upgrade to one of the following fixed versions:
The fix is tracked in commit c691afaef164cf73c10a26a944ef2f11dbb1ac80. For complete vulnerability details, refer to the GitHub Security Advisory GHSA-qvxx-mfm6-626f.
Workarounds
- Revoke delegated Can view * Property Mapping and Can view Expression Policy permissions from non-essential users until patching is complete
- Implement network segmentation to restrict access to the authentik administrative interface
- Deploy a web application firewall (WAF) with rules to inspect and block potentially malicious payloads to test endpoints
- Consider implementing additional authentication requirements for accessing administrative functionality
# Example: Audit users with delegated permissions in authentik
# Review the authentik admin panel under System > Users > Permissions
# Remove or restrict "Can view * Property Mapping" and "Can view Expression Policy"
# permissions from users who do not require them for their role
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
