Vulnerability Key Information

Vulnerability Title: Forward authentication bypass with malformed session cookie on Traefik and Caddy

Severity (CVSS v3 base metrics):
- Attack vector: Network
- Attack complexity: Low
- Privileges required: None
- User interaction: None
- Scope: Changed
- Confidentiality: High
- Integrity: None
- Availability: None
CVSS: 8.6/10

Affected Package: authentik
Affected Versions: <= 2025.10.3, <= 2025.12.3
Fixed Versions: 2025.10.4, 2025.12.4

Overview
When using the authentik Proxy Provider with Traefik or Caddy as a reverse proxy for forward authentication, a malformed session cookie can bypass authentication. When such a cookie is presented, no authentik-specific X-Authentik-* headers are set, which may allow attackers to gain access depending on the application's behavior.

Impact
Depending on the application's behavior (whether it requires the X-Authentik-* headers to be present after passing through the Proxy Provider), attackers may gain full access to the application.

Solution
authentik 2025.10.4 and 2025.12.4 fix this issue.

CVE ID: CVE-2026-25748
Weakness: CWE-287
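The advisory's impact hinges on whether the upstream application requires the X-Authentik-* identity headers to be present. The following added example (not authentik's, Traefik's or Caddy's code) shows an application-side WSGI guard that fails closed: a request that reaches the app without the identity headers is rejected with 403, which is exactly what happens in the described failure mode, where a malformed cookie passes the forward-auth hop but no X-Authentik-* headers are set. The header names X-authentik-username and X-authentik-uid, the cookie value, and the requests are assumptions or constructed for the example. The guard only helps if the reverse proxy strips client-supplied copies of those headers before forwarding, and it complements, not replaces, upgrading to the fixed versions.

```python
"""Fail-closed check for apps behind an authentik forward-auth proxy.

Added example, not project code. Assumes the proxy copies the identity
headers authentik sets on an authenticated request (names assumed here:
X-authentik-username and X-authentik-uid) to the upstream application and
strips any client-supplied copies of them.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Headers the app insists on before treating a request as authenticated.
REQUIRED_IDENTITY_HEADERS = ("x-authentik-username", "x-authentik-uid")


@dataclass
class Decision:
    allowed: bool
    reason: str
    user: Optional[str] = None


def check_forward_auth_headers(headers: Dict[str, str]) -> Decision:
    """Allow only when every required identity header is present and non-blank."""
    lowered = {k.lower(): v for k, v in headers.items()}
    missing = [name for name in REQUIRED_IDENTITY_HEADERS
               if not lowered.get(name, "").strip()]
    if missing:
        # This is the advisory's scenario: the request got past forward auth
        # (e.g. via a malformed session cookie) but carries no identity.
        return Decision(False, "missing identity headers: " + ", ".join(missing))
    return Decision(True, "ok", user=lowered["x-authentik-username"].strip())


def headers_from_environ(environ: Dict[str, str]) -> Dict[str, str]:
    """Convert WSGI HTTP_* environ keys back into header names."""
    return {key[5:].replace("_", "-").lower(): value
            for key, value in environ.items() if key.startswith("HTTP_")}


class RequireAuthentikIdentity:
    """WSGI middleware that rejects requests lacking forward-auth identity."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        decision = check_forward_auth_headers(headers_from_environ(environ))
        if not decision.allowed:
            body = b"forbidden: no forward-auth identity on request\n"
            start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        environ["authentik.user"] = decision.user
        return self.app(environ, start_response)


def demo() -> List[str]:
    """Run two constructed requests through the guard; return their statuses."""
    def app(environ, start_response):
        body = ("hello " + environ["authentik.user"] + "\n").encode()
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [body]

    guarded = RequireAuthentikIdentity(app)
    # Constructed requests: the first mimics the advisory's failure mode
    # (a cookie reached the app, but no X-Authentik-* headers were set).
    requests = [
        {"REQUEST_METHOD": "GET", "PATH_INFO": "/",
         "HTTP_COOKIE": "session=<malformed-value>"},
        {"REQUEST_METHOD": "GET", "PATH_INFO": "/",
         "HTTP_X_AUTHENTIK_USERNAME": "alice", "HTTP_X_AUTHENTIK_UID": "u-1"},
    ]
    statuses: List[str] = []

    def start_response(status, headers, exc_info=None):
        statuses.append(status)

    for environ in requests:
        list(guarded(environ, start_response))  # drain the body iterable
    return statuses


if __name__ == "__main__":
    print(demo())  # ['403 Forbidden', '200 OK']
```

Wrap the application object once (`app = RequireAuthentikIdentity(app)`) so every route inherits the check; the guard treats blank header values the same as absent ones, since a proxy that forwards an empty header is no proof of authentication either.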