Critical NGINX Vulnerability Actively Exploited
A critical vulnerability, CVE-2026-42849 with a severity score of 9.3, has been identified in the Authentik open-source identity provider. The flaw exists in versions prior to 2025.12.5 and 2026.2.3 due to issues with the Simple Flow Executor implementation.
Topics
Developing
- 884d Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore.
- 884d Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
- 884d Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est.
- 884d Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque laudantium.
Sources · 7 independent
Mastodon
“CVE-2026-42849 - Critical (9.3)authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE (Simple Flow Executor) in order...”
GDELT Global Events
“瑞泰科技 ( 002066 ): 涉及财务公司关联交易的存款 、 贷款等金融业务的专项说明 - CFi . CN 中财网”
Launch Library
“March 5 | Unknown Payload. Launch: Long March 5 | Unknown Payload | Status: To Be Confirmed | Provider: | NET: 2026-06-10T06:00:00Z | Pad: ,”
Unlock the full story
Get a Pro subscription or above to see the live story progression and the full list of independent sources confirming each event as they happen.
Log in to upgrade