CVE-2026-49443 - authentik: `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API
CVE ID :CVE-2026-49443 Published : June 2, 2026, 9:16 p.m. | 1 hour, 57 minutes ago Description :authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the...