5 articles

#Identity Provider

All CosmicBytez Labs articles tagged #Identity Provider, across news, security advisories, how-to guides, and projects.

  • Security · Jun 3, 2026

    CVE-2026-42849: authentik Critical XSS in AutosubmitStage (CVSS 9.3)

    A critical cross-site scripting vulnerability in authentik's Simple Flow Executor AutosubmitStage allows attackers to execute arbitrary JavaScript via a legacy-browser compatibility bypass. Patched in versions 2025.12.5 and 2026.2.3.

  • Security · Jun 3, 2026

    CVE-2026-49448: authentik Source Stage Authentication Bypass (CVSS 9.8)

    A critical authentication bypass in authentik allows attackers to skip the Source stage entirely by sending an empty POST request, completely circumventing configured identity source checks. Fixed in versions 2025.12.6, 2026.2.4, and 2026.5.1.

  • Security · Mar 8, 2026

    CVE-2026-29067: ZITADEL Password Reset Poisoned by

    A high-severity host header injection vulnerability in ZITADEL's login V2 password reset flow allows attackers to redirect reset links to...

  • Security · Mar 8, 2026

    ZITADEL Critical XSS in SAML Endpoint Enables 1-Click

    A critical cross-site scripting vulnerability in ZITADEL's login V2 /saml-post endpoint allows unauthenticated attackers to execute arbitrary JavaScript...

  • Security · Mar 8, 2026

    CVE-2026-29192: ZITADEL Stored XSS via Default Redirect URI

    A stored cross-site scripting vulnerability in ZITADEL's login V2 interface allows organization administrators to inject malicious JavaScript via a...