CVE-2026-25748 | goauthentik up to 2025.10.3/2025.12.3 Cookie improper authentication (GHSA-fj56-5763-j8pp)
A vulnerability was found in goauthentik authentik up to 2025.10.3/2025.12.3. It has been declared as critical. Affected is an unknown function of the component Cookie Handler. Such manipulation leads to improper authentication.
This vulnerability is documented as CVE-2026-25748. The attack can be executed remotely. There is not any exploit available.
It is recommended to upgrade the affected component.