6 matches found
SUSE CVE-2026-33132
ZITADEL is an open source identity management platform. Versions prior to 3.4.9 and 4.0.0 through 4.12.2 allowed users to bypass organization enforcement during authentication. Zitadel allows applications to enforce an organization context during authentication using scopes urn:zitadel:iam:org:id:...
CVE-2026-33132
CVE-2026-33132 concerns Zitadel, an open source identity management platform. Connected advisories confirm a missing enforcement of organization scopes in Zitadel’s authentication flow, enabling a bypass of organization checks for users during sign-in. Affected components include the Zitadel core...
CVE-2026-33132 ZITADEL is missing enforcement of organization scopes
ZITADEL is an open source identity management platform. Versions prior to 3.4.9 and 4.0.0 through 4.12.2 allowed users to bypass organization enforcement during authentication. Zitadel allows applications to enforce an organization context during authentication using scopes urn:zitadel:iam:org:id:...
CVE-2026-29192
Technical details for CVE-2026-29192 are not provided in the connected documents. No specifics on affected products beyond Zitadel 4.0.0–4.11.1 or remediation beyond patch to 4.12.0. Monitor for official advisories and updates.
ZITADEL cross-site scripting vulnerability
ZITADEL is an open-source identity and access management platform developed by ZITADEL in Switzerland. Versions of ZITADEL from 4.0.0 to 4.11.1 have a cross-site scripting vulnerability. This vulnerability stems from a default URI redirection issue in the login V2 interface, which may lead to...
ZITADEL cross-site scripting vulnerability
ZITADEL is a modern open-source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak, developed by ZITADEL in Switzerland for the era of containers and serverless architectures. Versions 4.0.0 to 4.11.1 of ZITADEL contain a cross-site scripting vulnerability. This vulnerability stems fr...