A vulnerability, which was classified as critical , was found in goauthentik authentik up to 2025.12.5/2026.2.3/2026.5.0 . This affects an unknown part. Executing a manipulation can lead to improper authentication. This vulnerability is tracked as CVE-2026-49448 . The attack can be launched remotely. No exploit exists. You should upgrade the affected component.