CVE-2026-29191

Critical CVSS: 9.3

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via XSS in /saml-post Endpoint. This issue has been patched in version 4.12.0.

Vendor

Zitadel

Product

Zitadel

CWE

CWE-79

Yayın Tarihi

2026-03-07 15:15:55

Güncelleme

2026-03-10 17:55:39

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Zitadel CRITICAL Zitadel 2026

Referanslar

https://github.com/zitadel/zitadel/security/advisories/GHSA-pr34-2v5x-6qjq

Benzer Kayıtlar

Medium

CVE-2026-33132

ZITADEL is an open source identity management platform. Versions prior to 3.4.9 and 4.0.0 through 4.12.2 allowed users t…

High

CVE-2026-32132

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Z…

High

CVE-2026-32130

ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provides a Syste…

High

CVE-2026-32131

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Manageme…

High

CVE-2026-29192

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login…

High

CVE-2026-29193

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.12.0, a vulnerability in Zitadel's login…