A vulnerability categorized as critical has been discovered in goauthentik authentik up to 2025.12.4/2026.2.2 . Impacted is an unknown function. The manipulation of the argument NameID results in improper authentication. This vulnerability is cataloged as CVE-2026-40165 . The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.