6 matches found
GO-2026-4572 ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API in github.com/zitadel/zitadel
ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabili...
GHSA-282G-FHMX-XF54 ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API
Summary: A vulnerability in Zitadel's self-management capability allowed users to mark their email and phone as verified without going through an actual verification process. Impact: Zitadel provides an API for managing users. The API also allows users to self-manage their own data including updati...
ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API
Summary: A vulnerability in Zitadel's self-management capability allowed users to mark their email and phone as verified without going through an actual verification process. Impact: Zitadel provides an API for managing users. The API also allows users to self-manage their own data including updati...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization via the UpdateHumanUser API. An attacker can bypass proper verification of email or phone by directly setting the verification flag without completing the intended verification process. This may allow unauthorized...
CVE-2026-27946 ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API
ZITADEL is an open source identity management platform. Prior to versions 4.11.1 and 3.4.7, a vulnerability in Zitadel's self-management capability allowed users to mark their email and phone as verified without going through an actual verification process. The patch in versions 4.11.1 and 3.4.7...
CVE-2026-27946 ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API
ZITADEL is an open source identity management platform. Prior to versions 4.11.1 and 3.4.7, a vulnerability in Zitadel's self-management capability allowed users to mark their email and phone as verified without going through an actual verification process. The patch in versions 4.11.1 and 3.4.7...