3 matches found
GHSA-7777-FHQ9-592V ZITADEL has potential SSRF via Actions
Summary ZITADEL Action V2 introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0 is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. ZITADEL's Action target URLs can point to local hosts, potentially allowing...
CVE-2026-27945 ZITADEL has potential SSRF via Actions
ZITADEL is an open source identity management platform. Zitadel Action V2 introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0 is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. Zitadel's Action target URLs...
CVE-2026-27945
CVE-2026-27945 affects Zitadel Action V2/3.x leading to potential SSRF via Action target URLs that point to local hosts/IPs. The issue: Action endpoints may be able to gather internal network information or reach internal services when the target URL is local, potentially exposing internal topolo...