5 matches found

Vulnrichment
added 2026/03/11 9:40 p.m., 2 views

CVE-2026-32132 ZITADEL: Reactivation of Expired Passkey Registration Codes

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Zitadel's passkey registration endpoints. This endpoint allows registering a new passkey using a previously retrieved code. An improper expiration check of the code could allow ...

CVSS 7.4, AI score 5.8, EPSS 0.00399
Exploits: 0, References: 3
RedhatCVE
added 2026/03/09 8:1 a.m., 3 views

CVE-2026-29192

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via Default URI Redirect. This issue has been patched in version 4.12.0...

CVSS 7.7, AI score 5.7, EPSS 0.00318
Exploits: 0, References: 1
CNNVD
added 2026/03/07 12:0 a.m., 4 views

ZITADEL Authorization Issue Vulnerability

ZITADEL is a modern open-source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak, developed by ZITADEL in Switzerland. Versions 4.0.0 to 4.12.0 of ZITADEL contain authorization vulnerabilities. These vulnerabilities stem from the login V2 user interface, which allows bypasses of log...

CVSS 8.2, AI score 7.3, EPSS 0.00312
Exploits: 0, References: 1
GithubExploit
added 2025/12/10 1:13 p.m., 174 views

Exploit for CVE-2025-67494

ZITADEL SSRF Exploit - CVE-2025-67494 Automated exploit for C...

CVSS 9.3, AI score 6.8, EPSS 0.00452
Exploits: 2
Snyk
added 2025/05/06 4:51 p.m., 2 views

Insufficient Session Expiration

Overview: Affected versions of this package are vulnerable to Insufficient Session Expiration through the Session API. An attacker can authenticate on behalf of the user by repeatedly using idp intents to retrieve the id and token from the application's URI. Remediation: Upgrade...

CVSS 8, AI score 7, EPSS 0.00388
Exploits: 0, References: 2