A vulnerability in Authentik’s OAuth 2.0 implementation (CVE-2024-52289) allowed attackers to bypass redirect URI validation due to the insecure use of regular expressions. By exploiting this flaw, an attacker could redirect authentication responses to a malicious server, enabling account takeover. Authentik has addressed the issue in patched versions (2024.10.3 and 2024.8.5) by enforcing strict string matching for URI validation.
