CVE-2026-47201 Overview
CVE-2026-47201 affects authentik, an open-source identity provider widely deployed for single sign-on and federated authentication. The vulnerability resides in the SAML Source Assertion Consumer Service (ACS) endpoint, which fails to properly validate the structure of signed Security Assertion Markup Language (SAML) responses from upstream identity providers. An attacker holding any valid account at a trusted upstream IdP can perform XML Signature Wrapping (XSW) to reuse a legitimate signed assertion and authenticate as a different federated user. The flaw is classified under [CWE-20] Improper Input Validation. Maintainers patched the issue in authentik versions 2025.12.5, 2026.2.3, and 2026.5.1.
Critical Impact
An authenticated user at any federated upstream IdP can impersonate other federated users within authentik, bypassing identity assurance and gaining unauthorized access to downstream applications.
Affected Products
- authentik versions prior to 2025.12.5
- authentik versions prior to 2026.2.3 in the 2026.2.x branch
- authentik versions prior to 2026.5.1 in the 2026.5.x branch
Discovery Timeline
- 2026-06-02 - CVE-2026-47201 published to NVD
- 2026-06-02 - Last updated in NVD database
Technical Details for CVE-2026-47201
Vulnerability Analysis
The authentik SAML Source ACS endpoint processes SAML responses returned by upstream identity providers during federated login flows. The endpoint validates the cryptographic signature on the response but does not verify that the signed element is the same element the application consumes for identity claims. This mismatch enables XML Signature Wrapping, a class of attack against XML-DSig that exploits the separation between signature verification and business logic processing.
An attacker who controls a valid account at the upstream IdP can request a legitimately signed SAML assertion for themselves. The attacker then restructures the XML document to inject an attacker-crafted assertion referencing a victim user, while keeping the original signed assertion present elsewhere in the document so the signature still validates. authentik verifies the signature against the original element but extracts user identity from the injected, unsigned element.
Root Cause
The root cause is improper input validation during SAML response parsing. The signature validation routine and the assertion consumption routine operate on different XPath references within the document, violating the principle that verified data and processed data must be identical.
Attack Vector
Exploitation requires network access to the authentik ACS endpoint and a valid low-privilege account at a federated upstream IdP trusted by the target authentik instance. The attacker initiates a SAML authentication flow, captures the signed response, modifies the XML structure to wrap the signed assertion around a forged assertion containing the victim username or identifier, and replays it to authentik. authentik accepts the signature as valid and provisions a session for the impersonated user.
No public proof-of-concept code has been published for CVE-2026-47201. The GitHub Security Advisory GHSA-c3m2-jqmq-pvp3 documents the affected components and patched versions.
Detection Methods for CVE-2026-47201
Indicators of Compromise
- SAML responses received by the authentik ACS endpoint containing multiple <saml:Assertion> elements or duplicate ID attributes within a single response.
- Authentication events where the federated NameID or subject does not match any prior login pattern for the source IdP account.
- Successful logins shortly after a low-privilege upstream IdP account performs a SAML flow but the resulting authentik session maps to a privileged user.
- Unexpected session creations for service or administrative accounts originating from a SAML Source flow.
Detection Strategies
- Parse inbound SAML responses at the proxy or web application firewall and alert on responses containing more than one Assertion or Response element.
- Compare the Subject element referenced by the verified SignatureReference URI with the Subject consumed by the application; flag any divergence.
- Correlate authentik audit logs with upstream IdP logs to identify cases where an upstream login by user A produced an authentik session for user B.
Monitoring Recommendations
- Ingest authentik audit events and upstream IdP logs into a centralized analytics platform such as Singularity Data Lake to enable cross-source correlation of federated authentication anomalies.
- Monitor the authentik_events_login and authentik_sources_saml event streams for spikes in SAML Source authentications.
- Alert on first-time authentik logins for high-value accounts that occur through a SAML Source rather than a primary authentication method.
How to Mitigate CVE-2026-47201
Immediate Actions Required
- Upgrade authentik to 2025.12.5, 2026.2.3, or 2026.5.1 depending on the deployed release train.
- Audit all configured SAML Sources and review recent federated logins for unexpected user mappings.
- Rotate sessions and force re-authentication for any user whose account may have been impersonated.
- Restrict trust to upstream IdPs whose account provisioning and identity proofing meet organizational standards.
Patch Information
The authentik maintainers released fixes in versions 2025.12.5, 2026.2.3, and 2026.5.1. The patches harden SAML response parsing so that the element referenced by the XML signature is the same element from which identity attributes are extracted. Refer to the authentik GitHub Security Advisory for the full advisory and commit references.
Workarounds
- Temporarily disable affected SAML Sources until the upgrade is applied if patching cannot be performed immediately.
- Front the authentik ACS endpoint with a reverse proxy that rejects SAML responses containing multiple Assertion elements or duplicate XML IDs.
- Limit upstream IdP membership to fully trusted users only, reducing the population capable of obtaining a signed assertion to abuse.
# Verify the running authentik version meets the patched baseline
kubectl exec -n authentik deploy/authentik-server -- \
ak version
# Expected output should be one of:
# 2025.12.5 (or newer in the 2025.12.x branch)
# 2026.2.3 (or newer in the 2026.2.x branch)
# 2026.5.1 (or newer in the 2026.5.x branch)
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
