A vulnerability classified as problematic was found in goauthentik authentik up to 2026.2.2 . Impacted is an unknown function of the component URL parser . Executing a manipulation of the argument wreply can lead to open redirect. This vulnerability is tracked as CVE-2026-41569 . The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.