CVE-2026-29067

High CVSS: 8.1

ZITADEL is an open source identity management platform. From version 4.0.0-rc.1 to 4.7.0, a potential vulnerability exists in ZITADEL's password reset mechanism in login V2. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset confirmation link. This link, containing a secret code, is then emailed to the user. This issue has been patched in version 4.7.1.

Vendor

Zitadel

Product

Zitadel

CWE

CWE-601

Yayın Tarihi

2026-03-07 15:15:54

Güncelleme

2026-03-10 17:58:23

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-601 Zitadel HIGH Zitadel 2026

Referanslar

https://github.com/zitadel/zitadel/security/advisories/GHSA-pfrf-9r5f-73f5

Benzer Kayıtlar

Medium

CVE-2026-33132

ZITADEL is an open source identity management platform. Versions prior to 3.4.9 and 4.0.0 through 4.12.2 allowed users t…

High

CVE-2026-32132

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Z…

High

CVE-2026-32130

ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provides a Syste…

High

CVE-2026-32131

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Manageme…

Critical

CVE-2026-29191

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login…

High

CVE-2026-29192

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login…