authentik ↗
Summary
Plain-English security verdict for authentik, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
authentik currently scores 100/100 — healthy. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 2026.5.3. It's on the latest patch with no significant known issues — keep it current.
Disclosure trend
New CVEs published for authentik each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
Patch priority — what to act on
The issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2024-52289 CRITICAL CWE-185 EPSS 1% → fixed in 2024.10.3
CVE-2022-23555 CRITICAL Improper authentication EPSS 1% → fixed in 2022.11.4
CVE-2023-46249 CRITICAL Improper authentication EPSS 1% → fixed in 2023.10.2
CVE-2026-25227 CRITICAL Code injection EPSS 1% → fixed in 2025.12.4
CVE-2024-47070 CRITICAL Improper authentication EPSS 1% → fixed in 2024.8.3
CVE-2025-52553 CRITICAL Improper authentication EPSS 0% → fixed in 2025.6.3
CVE-2026-42849 CRITICAL Cross-site scripting (XSS) EPSS 0% → fixed in 2026.2.3
CVE-2026-49448 CRITICAL Improper authentication EPSS 0% → fixed in 2026.5.1
CVE-2023-26481 CRITICAL CWE-345 EPSS 0% → fixed in 2022.12.3
Versions & lifecycle
When each release line stops receiving security patches (end-of-life). After EOL there are no more fixes — plan upgrades before these dates.
How long each authentik release line is supported — and when it sunsets. Select a line for its full report.
2026.5: latest 2026.5.3, Supported
2026.2: latest 2026.2.4, Supported
2025.12: latest 2025.12.6, End of life, ended 2026-05-22
2025.10: latest 2025.10.4, End of life, ended 2026-02-24
2025.8: latest 2025.8.6, End of life, ended 2026-01-13
2025.6: latest 2025.6.4, End of life, ended 2025-10-27
2025.4: latest 2025.4.4, End of life, ended 2025-08-20
2024.12: latest 2024.12.5, End of life, ended 2025-04-30
2023.10: latest 2023.10.7, End of life, ended 2024-04-24
2022.12: latest 2022.12.3, End of life, ended 2023-02-14
Frequently asked
Is authentik safe and patched?
authentik currently scores 100/100 — healthy. No tracked vulnerabilities are currently known to be exploited in the wild. The latest supported release is 2026.5.3. It's on the latest patch with no significant known issues — keep it current.
What should I do about authentik now?
Upgrade authentik to the latest supported release (2026.5.3) or later and apply available security updates, then confirm against authentik's official advisory.
When does authentik reach end-of-life?
The latest supported authentik release is 2026.5.3. After end-of-life a release no longer receives security patches.
Which versions of authentik are still receiving security updates?
Supported authentik release lines (latest 2026.5.3): 2026.5, 2026.2. End-of-life releases no longer receive security patches.
Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against authentik's official advisory before you patch or upgrade — authentik official site ↗