authentik Proxy Provider Authentication Bypass Vulnerability

Vulnerability

A vulnerability in the authentik Proxy Provider allows authentication bypass when forward authentication is used with Traefik or Caddy as the reverse proxy. This issue affects authentik versions prior to 2025.10.4 and 2025.12.4. The vulnerability arises from the ability to send a malformed cookie that bypasses the authentication checks. As a result, none of the authentik-specific X-Authentik headers are transmitted to the upstream application, which could grant unauthorized access to applications that rely on those headers for identity.

Impact

Exploitation of this vulnerability could lead to unauthorized access to applications protected by the authentik Proxy Provider using forward authentication with Traefik or Caddy.

Remediation

Users can upgrade to authentik versions 2025.10.4 or 2025.12.4 to address this vulnerability. If an upgrade is not possible, it is recommended to deactivate the reverse proxy entries for any applications using forward authentication until authentik can be upgraded.
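As an added example (not code from the advisory or from the authentik project), the following Go middleware shows the application-side check a practitioner would want behind a forward-auth proxy: it fails closed when the identity headers the proxy is expected to inject are absent, so the application does not fall back to anonymous or default access if those headers stop arriving. The header names X-Authentik-Username and X-Authentik-Uid are assumptions taken from authentik's documented forward-auth headers and should be checked against your deployment; the sample requests are constructed inline. This is defense in depth for the application and does not replace the upgrade described above.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Identity headers the proxy is expected to inject on every authenticated
// request. Names assumed from authentik's forward-auth documentation;
// verify them against your own deployment.
var requiredIdentityHeaders = []string{"X-Authentik-Username", "X-Authentik-Uid"}

// missingIdentityHeaders returns the required headers that are absent or empty.
func missingIdentityHeaders(h http.Header) []string {
	var missing []string
	for _, name := range requiredIdentityHeaders {
		if strings.TrimSpace(h.Get(name)) == "" {
			missing = append(missing, name)
		}
	}
	return missing
}

// RequireAuthentikIdentity wraps an application handler and fails closed:
// a request that reached the application without the identity headers is
// rejected with 401 and logged, instead of being treated as a default user.
func RequireAuthentikIdentity(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if missing := missingIdentityHeaders(r.Header); len(missing) > 0 {
			// Requests arriving without identity headers are a detection
			// signal: either the proxy chain is misconfigured or the
			// authentication step in front of the app was bypassed.
			log.Printf("rejecting %s %s from %s: missing identity headers %v",
				r.Method, r.URL.Path, r.RemoteAddr, missing)
			http.Error(w, "identity headers missing", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Probe sends a constructed request with the given headers through the
// middleware and returns the resulting HTTP status code.
func Probe(headers map[string]string) int {
	app := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintf(w, "hello %s", r.Header.Get("X-Authentik-Username"))
	})
	req := httptest.NewRequest(http.MethodGet, "/app", nil)
	for k, v := range headers {
		req.Header.Set(k, v)
	}
	rec := httptest.NewRecorder()
	RequireAuthentikIdentity(app).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	// Constructed sample requests: one carrying the full identity set, one
	// with the headers missing entirely, one with only a partial set.
	fmt.Println("with identity headers:", Probe(map[string]string{
		"X-Authentik-Username": "alice", "X-Authentik-Uid": "example-uid",
	}))
	fmt.Println("without identity headers:", Probe(map[string]string{}))
	fmt.Println("partial identity headers:", Probe(map[string]string{
		"X-Authentik-Username": "alice",
	}))
}
```

The check only helps if the application is reachable solely through the proxy and the proxy strips client-supplied copies of these headers; otherwise a client could supply them directly. The log line is the part to wire into monitoring, since a burst of rejected requests without identity headers is exactly what a broken or bypassed forward-auth chain looks like from the application's side.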

Added: Feb 12, 2026, 8:21 PM
Updated: Feb 12, 2026, 8:21 PM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 5.0
exploitability: 7.9
remediation: 8.3
relevance: 3.0
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.