7 matches found
SUSE CVE-2026-33132
ZITADEL is an open source identity management platform. Versions prior to 3.4.9 and 4.0.0 through 4.12.2 allowed users to bypass organization enforcement during authentication. Zitadel allows applications to enforce an organzation context during authentication using scopes urn:zitadel:iam:org:id:...
CVE-2026-33132
A flaw was found in ZITADEL, an open-source identity management platform. A user could bypass organization enforcement during authentication due to missing controls in device authorization requests and specific login and OIDC API endpoints. This allowed users to sign in with credentials from othe...
CVE-2026-33132
ZITADEL is an open source identity management platform. Versions prior to 3.4.9 and 4.0.0 through 4.12.2 allowed users to bypass organization enforcement during authentication. Zitadel allows applications to enforce an organzation context during authentication using scopes urn:zitadel:iam:org:id:...
CVE-2026-33132
ZITADEL is an open source identity management platform. Versions prior to 3.4.9 and 4.0.0 through 4.12.2 allowed users to bypass organization enforcement during authentication. Zitadel allows applications to enforce an organzation context during authentication using scopes urn:zitadel:iam:org:id:...
CVE-2026-33132
CVE-2026-33132 concerns Zitadel, an open source identity management platform. Connected advisories confirm a missing enforcement of organization scopes in Zitadel’s authentication flow, enabling a bypass of organization checks for users during sign-in. Affected components include the Zitadel core...
GHSA-G2PF-WW5M-2R9M Zitadel is missing enforcement of organization scopes
Summary A vulnerability in Zitadel's OAuth2/OIDC interface, which allowed users to bypass organization enforcement during authentication. Impact Zitadel allows applications to enforce an organzation context during authentication using scopes urn:zitadel:iam:org:id:id and...
PT-2026-26195
Summary A vulnerability in Zitadel's OAuth2/OIDC interface, which allowed users to bypass organization enforcement during authentication. Impact Zitadel allows applications to enforce an organzation context during authentication using scopes urn:zitadel:iam:org:id:id and...