Authelia
Products
1- 6 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-33525 | Med | 0.40 | 6.1 | 0.00 | Mar 26, 2026 | Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web portal. In version 4.39.15, an attacker may potentially be able to inject javascript into the Authelia login page if several… | ||
| CVE-2026-47203 | low | 0.19 | 4.0 | 0.00 | May 29, 2026 | ### Impact **CVSSv4 Baseline Score:** Moderate 6.3 **CVSSv4 Weighted Score:** Low 2.9 The full CVSSv4 Vector for this vulnerability is: > CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:L/IR:L/AR:L/MAV:N/MAC:H/MAT:N/MPR:N/MUI:N/MVC:L/MVI:N/MVA:N/MSC:N/M… | ||
| CVE-2025-24806 | Low | 0.08 | — | 0.00 | Feb 19, 2025 | Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web portal. If users are allowed to sign in via both username and email the regulation system treats these as separate login… | ||
| CVE-2026-48794 | 0.00 | — | 0.00 | Jun 19, 2026 | Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web portal. In versions 4.36.0 through 4.39.19, due to lack of canonicalization of domains in very specific edge cases, an… | |||
| CVE-2021-32637 | 0.00 | — | 0.02 | May 28, 2021 | Authelia is a a single sign-on multi-factor portal for web apps. This affects uses who are using nginx ngx_http_auth_request_module with Authelia, it allows a malicious individual who crafts a malformed HTTP request to bypass the authentication mechanism. It additionally could… | |||
| CVE-2021-29456 | 0.00 | — | 0.01 | Apr 21, 2021 | Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the… |
- risk 0.40cvss 6.1epss 0.00
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web portal. In version 4.39.15, an attacker may potentially be able to inject javascript into the Authelia login page if several…
- risk 0.19cvss 4.0epss 0.00
### Impact **CVSSv4 Baseline Score:** Moderate 6.3 **CVSSv4 Weighted Score:** Low 2.9 The full CVSSv4 Vector for this vulnerability is: > CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:L/IR:L/AR:L/MAV:N/MAC:H/MAT:N/MPR:N/MUI:N/MVC:L/MVI:N/MVA:N/MSC:N/M…
- risk 0.08cvss —epss 0.00
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web portal. If users are allowed to sign in via both username and email the regulation system treats these as separate login…
- CVE-2026-48794Jun 19, 2026risk 0.00cvss —epss 0.00
Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications via a web portal. In versions 4.36.0 through 4.39.19, due to lack of canonicalization of domains in very specific edge cases, an…
- CVE-2021-32637May 28, 2021risk 0.00cvss —epss 0.02
Authelia is a a single sign-on multi-factor portal for web apps. This affects uses who are using nginx ngx_http_auth_request_module with Authelia, it allows a malicious individual who crafts a malformed HTTP request to bypass the authentication mechanism. It additionally could…
- CVE-2021-29456Apr 21, 2021risk 0.00cvss —epss 0.01
Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the…