{"vulnerability": "cve-2026-40172", "sightings": [{"uuid": "729f516e-eb1e-46fc-8f9d-636b3a644a0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40172", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmhxh27ytq2n", "content": "CVE-2026-40172 - authentik: Privilege Escalation via User PATCH: Superuser Group Assignment Bypasses enable_group_superuser\nCVE ID : CVE-2026-40172\n \n Published : May 22, 2026, 7 p.m. | 1\u00a0hour, 19\u00a0minutes ago\n \n Description : authentik is an open-source identity provider. In v...", "creation_timestamp": "2026-05-22T22:14:26.153493Z"}, {"uuid": "80a1a8a8-5017-4ad0-8aa5-e8d422c1e6bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40172", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116623077000235215", "content": "It is possible to see elevated activities targeting goauthentik authentik (CVE-2026-40172) https://vuldb.com/vuln/365267/cti", "creation_timestamp": "2026-05-23T09:02:12.206404Z"}, {"uuid": "537ae276-60e6-455d-b283-80cc1fd9393a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40172", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mmp45jkemk22", "content": "Is your self-hosted network actually secure?\nA brand new CVE-2026-40172 just dropped for Authentik, targeting Single Sign-On (SSO) gateways. Don't let hackers compromise your Proxmox cluster. #infosec #devops #proxmox #valtersit #CVE #CVEAlert #devsecops #hackers", "creation_timestamp": "2026-05-25T18:27:14.423217Z"}]}