
9 matches found

OSV
added 2026/05/08 5:11 p.m., 7 views

GHSA-RXVX-HHPJ-Q6PX ZITADEL has LDAP Filter Injection in Login Flow

Summary A vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allows unauthenticated attackers to perform LDAP Filter Injection during the login process...

CVSS 7.5, AI score 5.8, EPSS 0.00479
Exploits: 0, References: 5

Cvelist
added 2026/03/07 3:11 p.m., 31 views

CVE-2026-29193 ZITADEL: Bypassing Zitadel Login Behavior and Security Policy in Login V2

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.12.0, a vulnerability in Zitadel's login V2 UI allowed users to bypass login behavior and security policies and self-register new accounts or sign in using password even if corresponding options were disabled in their...

CVSS 8.2, EPSS 0.00312
Exploits: 0, References: 1

OSV
added 2026/03/07 3:09 p.m., 5 views

CVE-2026-29192 ZITADEL: Stored XSS via Default URI Redirect Leads to Account Takeover

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via Default URI Redirect. This issue has been patched in version 4.12.0...

CVSS 7.7, AI score 5.7, EPSS 0.00318
Exploits: 0, References: 3

OSV
added 2026/01/23 2:28 a.m., 5 views

GO-2026-4319 Zitadel has a user enumeration vulnerability in Login UIs in github.com/zitadel/zitadel

Zitadel has a user enumeration vulnerability in Login UIs in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

CVSS 5.3, AI score 5.6, EPSS 0.00362
Exploits: 0, References: 7

NVD
added 2026/01/15 8:16 p.m., 5 views

CVE-2026-23511

ZITADEL is an open source identity management platform. Prior to 4.9.1 and 3.4.6, a user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can exploit this flaw to confirm the existence of valid user accounts by iterating through usernames an...

CVSS 5.3, EPSS 0.00362
Exploits: 0, References: 5

Vulnrichment
added 2026/01/15 7:09 p.m., 3 views

CVE-2026-23511 ZITADEL has a user enumeration vulnerability in Login UIs

ZITADEL is an open source identity management platform. Prior to 4.9.1 and 3.4.6, a user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can exploit this flaw to confirm the existence of valid user accounts by iterating through usernames an...

CVSS 5.3, AI score 6.5, EPSS 0.00362
Exploits: 0, References: 5

OSV
added 2025/12/08 10:19 p.m., 2 views

GHSA-7WFC-4796-GMG5 ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login

Summary Zitadel is vulnerable to an unauthenticated, full-read SSRF vulnerability. An unauthenticated remote attacker can force Zitadel into making HTTP requests to arbitrary domains, including internal addresses. The server then returns the upstream response to the attacker, enabling data...

CVSS 9.3, AI score 7, EPSS 0.00452
Exploits: 2, References: 4

NVD
added 2025/08/22 5:15 p.m., 5 views

CVE-2025-57770

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vulnerable to a username enumeration issue in the login interface. The login UI includes a security...

CVSS 5.3, EPSS 0.0035
Exploits: 0, References: 6

Vulnrichment
added 2025/08/22 4:50 p.m., 4 views

CVE-2025-57770 ZITADEL user enumeration vulnerability in login UI

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Versions 4.0.0 to 4.0.2, 3.0.0 to 3.3.6, and all versions prior to 2.71.15 are vulnerable to a username enumeration issue in the login interface. The login UI includes a security...

CVSS 5.3, AI score 6.7, EPSS 0.0035
Exploits: 0, References: 6