cvebase

Github.Com Authelia Authelia V4 vulnerabilities

6 known vulnerabilities affecting github.com/authelia_authelia_v4.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 1, LOW 4

Vulnerabilities

CVE-2021-32637 | P2 | CRITICAL | ≥ 4.0.0-alpha1, < 4.29.3 | 2021-12-20
CVE-2021-32637 [CRITICAL] CWE-287: Authelia vulnerable to an authentication bypassed with malformed request URI on nginx. Impact: This affects users who are using nginx ngx_http_auth_request_module with Authelia; it allows a malicious individual who crafts a malformed HTTP request to bypass the authentication mechanism. It additionally could theoretically affect other proxy servers, but all of the ones we offi
Sources: ghsa, osv
CVE-2026-33525 | P4 | LOW | ≥ 4.39.15, < 4.39.16 | 2026-03-24
CVE-2026-33525 [LOW] CWE-79: Authelia: Improper Neutralization of Input During Web Page Generation Leads to Potential Cross-site Scripting. Impact: Official Weighted Severity Rating: Low. This exploit is very unlikely to be the case for most users as it requires configuration of the Content Security Policy template value. Below represents a safe value; any other value other
Sources: ghsa, osv
CVE-2021-29456 | P4 | MEDIUM | ≥ 0, < 4.28.0 | 2023-03-16
CVE-2021-29456 [MEDIUM] CWE-601: Authelia allows open redirects on the logout endpoint. Impact: Utilizing an HTTP query parameter, an attacker is able to redirect users from the web application to any domain. The URL of the intended redirect should always be checked for safety prior to forwarding the user. Other endpoints of the web application already do this: they check both that the domain is using the HTTPS protocol and that it exists on
Sources: ghsa, osv
CVE-2026-47203 | P4 | LOW | ≥ 4.38.0, < 4.39.20 | 2026-05-29
CVE-2026-47203 [LOW] CWE-178: Authelia Missing Username Canonicalization in Basic Auth (LDAP). Impact: CVSSv4 Baseline Score: Moderate 6.3. CVSSv4 Weighted Score: Low 2.9. The full CVSSv4 Vector for this vulnerability is: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:L/IR:L/AR:L/MAV:N/MAC:H/MAT:N/MPR:N/MUI:N/MVC:L/MVI:N/MVA:N/MSC:N/MSI:N/MSA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Green. CVSSv3.1 Baseline
Sources: ghsa
CVE-2026-48794 | P4 | LOW | ≥ 4.36.0, < 4.39.20 | 2026-06-26
CVE-2026-48794 [LOW] CWE-178: Authelia has an Edge Case Access Control Rule Mismatch. Impact: CVSSv4 Baseline Score: Low 2.4. CVSSv4 Weighted Score: Low 1.3. The full CVSSv4 Vector for this vulnerability is: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:P/CR:H/IR:L/AR:L/MAV:N/MAC:H/MAT:P/MPR:L/MVC:L/MVI:N/MVA:N/MSC:L/MSI:N/MSA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Amber. CVSSv3.1 Baseline Score: Low 3.1. CVSSv3.1
Sources: ghsa
CVE-2025-24806 | P4 | LOW | ≥ 0, < 4.38.19 | 2025-02-19
CVE-2025-24806 [LOW] CWE-307: Authelia applies regulation separately to Username-based logins to Email-based logins. Summary: If users are allowed to sign in via both username and email, the regulation system treats these as separate login events. This leads to the regulation limitations being effectively doubled, assuming an attacker using brute-force to find a user password. It's important to note that due t
Sources: ghsa, osv