Browse all 4 CVE security advisories affecting authelia. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Authelia serves as a multi-factor authentication and single sign-on portal for web applications, functioning as a primary access control solution. Historically, vulnerabilities have included cross-site scripting (XSS) and remote code execution (RCE) flaws, often stemming from improper input validation or insecure configuration handling. While no major public incidents have been widely documented, the project maintains a moderate CVE count with four records to date. Security characteristics include regular security audits and a focus on defensive coding practices, though developers should remain vigilant about configuration security to prevent potential bypasses.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33525 | Authelia: Improper Neutralization of Input During Web Page Generation Leads to Potential Cross-site Scripting — authelia (CWE-79) | 6.1 | - | 2026-03-26 |
| CVE-2025-24806 | Regulation applies separately to Username-based logins to Email-based logins in authelia — authelia (CWE-307) | 9.1 | - | 2025-02-19 |
| CVE-2021-32637 | Authentication bypassed with malformed request URI — authelia (CWE-287) | 10.0 | Critical | 2021-05-28 |
| CVE-2021-29456 | Authelia allows open redirects on the logout endpoint — authelia (CWE-601) | 5.7 | Medium | 2021-04-21 |
This page lists every published CVE security advisory associated with authelia. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.