From a00e8e0a01d037794fc468766f9c9139c35db0b7 Mon Sep 17 00:00:00 2001
From: "authentik-automation[bot]"
 <135050075+authentik-automation[bot]@users.noreply.github.com>
Date: Thu, 4 Jun 2026 22:33:21 +0200
Subject: [PATCH] website/docs: mark cves CVE-2026-49443 and CVE-2026-49448
 (cherry-pick #22808 to version-2026.5) (#22864)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

website/docs: mark cves CVE-2026-49443 and CVE-2026-49448 (#22808)

* mark cves

* Ignore spellcheck on redirects, headers.

---------

Co-authored-by: Simonyi Gergő <28359278+gergosimonyi@users.noreply.github.com>
Co-authored-by: Jens L. <jens@goauthentik.io>
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
---
 cspell.config.jsonc                                             | 2 ++
 .../security/cves/{GHSA-xp7f-xjjx-gwm8.md => CVE-2026-49443.md} | 2 +-
 .../security/cves/{GHSA-wr38-7xg8-fqxr.md => CVE-2026-49448.md} | 2 +-
 website/docs/static/_redirects                                  | 2 ++
 4 files changed, 6 insertions(+), 2 deletions(-)
 rename website/docs/security/cves/{GHSA-xp7f-xjjx-gwm8.md => CVE-2026-49443.md} (94%)
 rename website/docs/security/cves/{GHSA-wr38-7xg8-fqxr.md => CVE-2026-49448.md} (96%)

diff --git a/cspell.config.jsonc b/cspell.config.jsonc
index 756275854d..dfb5ded223 100644
--- a/cspell.config.jsonc
+++ b/cspell.config.jsonc
@@ -269,6 +269,8 @@
         ".docusaurus/**", // Cache
         "./{docs,website}/build", // Topic docs build output
         "./{docs,website}/**/build", // Workspaces output
+        "_redirects", // Redirects file
+        "_headers", // Headers file
         //#endregion
         //#region Golang
         "go.mod", // Go module file
diff --git a/website/docs/security/cves/GHSA-xp7f-xjjx-gwm8.md b/website/docs/security/cves/CVE-2026-49443.md
similarity index 94%
rename from website/docs/security/cves/GHSA-xp7f-xjjx-gwm8.md
rename to website/docs/security/cves/CVE-2026-49443.md
index 0fda0640b4..dec302ea65 100644
--- a/website/docs/security/cves/GHSA-xp7f-xjjx-gwm8.md
+++ b/website/docs/security/cves/CVE-2026-49443.md
@@ -1,6 +1,6 @@
 <!-- spellchecker:ignore GHSA-xp7f-xjjx-gwm8 -->
 
-# GHSA-xp7f-xjjx-gwm8
+# CVE-2026-49443 / GHSA-xp7f-xjjx-gwm8
 
 ## SourceStage bypass via empty POST
 
diff --git a/website/docs/security/cves/GHSA-wr38-7xg8-fqxr.md b/website/docs/security/cves/CVE-2026-49448.md
similarity index 96%
rename from website/docs/security/cves/GHSA-wr38-7xg8-fqxr.md
rename to website/docs/security/cves/CVE-2026-49448.md
index 617ab27f73..6cd4c93a10 100644
--- a/website/docs/security/cves/GHSA-wr38-7xg8-fqxr.md
+++ b/website/docs/security/cves/CVE-2026-49448.md
@@ -1,4 +1,4 @@
-# GHSA-5wcc-hf24-rf5h
+# CVE-2026-49443 / GHSA-5wcc-hf24-rf5h
 
 ## `UserSourceConnection.user` and `GroupSourceConnection.group` are changeable through the API
 
diff --git a/website/docs/static/_redirects b/website/docs/static/_redirects
index 5b94f26b36..be5b35d757 100644
--- a/website/docs/static/_redirects
+++ b/website/docs/static/_redirects
@@ -95,6 +95,8 @@
 /security/2023-06-cure53                                    /security/audits-and-certs/2023-06-cure53 301!
 /security/CVE-*                                             /security/cves/CVE-:splat 301!
 /security/GHSA-*                                            /security/cves/GHSA-:splat 301!
+/security/cves/GHSA-xp7f-xjjx-gwm8                          /security/cves/CVE-2026-49448
+/security/cves/GHSA-wr38-7xg8-fqxr                          /security/cves/CVE-2026-49443
 #endregion
 
 #region Troubleshooting