RCE

This content represents personal educational work produced in my individual capacity. It does not reflect the views, opinions, or positions of any employer, past or present. This is not professional security consulting advice. All tools and methods discussed are based on publicly available frameworks and open-source tool documentation. All techniques demonstrated were performed exclusively on personal homelab infrastructure that I own and operate. Do not test these techniques on systems you do not own or do not have explicit written authorization to test. The CVEs referenced in this post (CVE-2026-25227, CVE-2026-25748, CVE-2026-25922) are publicly disclosed and patched in Authentik 2025.12.4. ...