Authentik Privilege Escalation Vulnerability via Arbitrary Superuser Group Assignment

Vulnerability

A vulnerability in authentik, an open-source identity provider, allows unauthorized privilege escalation by assigning superuser groups to users through the PATCH /api/v3/core/users/{pk}/ API. This issue is present in authentik versions prior to 2025.12.5 and in 2026.2.0-rc1 through 2026.2.2. The vulnerability arises because the API allows users holding the 'change_user' permission to assign any group, including groups with superuser rights, without the necessary safeguards. As a result, such a user can escalate their own privileges, or another user's, to those of an administrator.
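The following is an added illustration of the flaw and of one defensive safeguard; it is not authentik's code. It models the user PATCH handler with a minimal data model (an assumed is_superuser flag on groups and a 'change_user' permission string) and contrasts a handler that checks only the generic permission with one that also requires the actor to be a superuser before a superuser group can be granted.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Group:
    pk: str
    name: str
    is_superuser: bool = False  # assumed flag marking a superuser group

@dataclass
class User:
    pk: str
    groups: set = field(default_factory=set)        # Group objects
    permissions: set = field(default_factory=set)   # e.g. {"change_user"}

    @property
    def is_superuser(self) -> bool:
        return any(g.is_superuser for g in self.groups)

class Forbidden(Exception):
    """Raised when the actor may not perform the requested update."""

def patch_groups_vulnerable(actor: User, target: User, new_groups: set) -> None:
    """Models the flawed handler: only the generic change_user permission is
    checked, so any such user can hand out a superuser group, even to itself."""
    if "change_user" not in actor.permissions:
        raise Forbidden("change_user required")
    target.groups = set(new_groups)

def patch_groups_fixed(actor: User, target: User, new_groups: set) -> None:
    """Hardened handler (assumed safeguard, not authentik's actual fix): granting a
    superuser group the target does not already hold requires a superuser actor."""
    if "change_user" not in actor.permissions:
        raise Forbidden("change_user required")
    newly_granted = set(new_groups) - target.groups
    if any(g.is_superuser for g in newly_granted) and not actor.is_superuser:
        raise Forbidden("only a superuser may grant a superuser group")
    target.groups = set(new_groups)

def allowed(handler, actor: User, target: User, new_groups: set) -> bool:
    """Return True if the handler accepted the update, False if it refused."""
    try:
        handler(actor, target, new_groups)
        return True
    except Forbidden:
        return False
```

The same check can be applied to the group-membership side of the API, since the Impact section notes that updating either users or groups reaches the same outcome.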

Impact

Exploitation of this vulnerability allows users with the ability to update groups or users to grant themselves or others superuser privileges, effectively elevating their rights to that of an administrator.

Remediation

Users can upgrade to authentik versions 2025.12.5 or 2026.2.3 to address this vulnerability.

Added: May 26, 2026, 3:00 PM
Updated: May 26, 2026, 3:00 PM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 2.5
exploitability: 5.4
remediation: 7.7
relevance: 9.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.