Lucene search

16 matches found

SUSE CVE
added 2026/03/25 12:25 a.m. · 2 views

SUSE CVE-2026-29191

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via XSS in /saml-post Endpoint. This issue has been patched in version 4.12.0...

CVSS 9.3 · AI score 5.8 · EPSS 0.00018
Exploits 0 · References 3
OSV
added 2026/03/10 6:28 p.m. · 3 views

GO-2026-4607 ZITADEL has 1-Click Account Takeover via XSS in /saml-post Endpoint in github.com/zitadel/zitadel

ZITADEL has 1-Click Account Takeover via XSS in /saml-post Endpoint in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVSS 9.3 · AI score 5.8 · EPSS 0.00018
Exploits 0 · References 1
RedhatCVE
added 2026/03/09 8:01 a.m. · 1 view

CVE-2026-29191

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via XSS in /saml-post Endpoint. This issue has been patched in version 4.12.0...

CVSS 9.3 · AI score 5.7 · EPSS 0.00018
Exploits 0 · References 1
NVD
added 2026/03/07 3:15 p.m. · 3 views

CVE-2026-29191

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via XSS in /saml-post Endpoint. This issue has been patched in version 4.12.0...

CVSS 9.3 · EPSS 0.00018
Exploits 0 · References 1
ATTACKERKB
added 2026/03/07 3:07 p.m. · 1 view

CVE-2026-29191

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via XSS in /saml-post Endpoint. This issue has been patched in version 4.12.0...

CVSS 9.3 · AI score 5.7 · EPSS 0.00018
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2026/03/07 3:07 p.m. · 29 views

CVE-2026-29191 ZITADEL: 1-Click Account Takeover via XSS in /saml-post Endpoint

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via XSS in /saml-post Endpoint. This issue has been patched in version 4.12.0...

CVSS 9.3 · EPSS 0.00018
Exploits 0 · References 1
Vulnrichment
added 2026/03/07 3:07 p.m. · 1 view

CVE-2026-29191 ZITADEL: 1-Click Account Takeover via XSS in /saml-post Endpoint

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via XSS in /saml-post Endpoint. This issue has been patched in version 4.12.0...

CVSS 9.3 · AI score 5.7 · EPSS 0.00018
Exploits 0 · References 1
CVE
added 2026/03/07 3:07 p.m. · 17 views

CVE-2026-29191

Technical details about CVE-2026-29191 are not publicly available in the provided documents. Based on the initial description, no affected products, versions, root cause, or remediation are specified beyond the patch version 4.12.0. Monitor for updates.

CVSS 9.3 · AI score 5.7 · EPSS 0.00018
Exploits 0 · References 1 · Affected Software 1
OSV
added 2026/03/07 3:07 p.m. · 3 views

CVE-2026-29191 ZITADEL: 1-Click Account Takeover via XSS in /saml-post Endpoint

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via XSS in /saml-post Endpoint. This issue has been patched in version 4.12.0...

CVSS 9.3 · AI score 5.7 · EPSS 0.00018
Exploits 0 · References 3
OSV
added 2026/03/04 10:47 p.m. · 2 views

GHSA-PR34-2V5X-6QJQ ZITADEL has 1-Click Account Takeover via XSS in /saml-post Endpoint

Summary A vulnerability was discovered in Zitadel's login V2 interface that allowed a possible account takeover. Impact Zitadel exposes an HTTP endpoint named /saml-post. This endpoint is used for handling requests to SAML IdPs and accepts two HTTP GET parameters: url and id. When these parameter...

CVSS 9.3 · AI score 6.5 · EPSS 0.00018
Exploits 0 · References 3
Github Security Blog
added 2026/03/04 10:47 p.m. · 4 views

ZITADEL has 1-Click Account Takeover via XSS in /saml-post Endpoint

Summary A vulnerability was discovered in Zitadel's login V2 interface that allowed a possible account takeover. Impact Zitadel exposes an HTTP endpoint named /saml-post. This endpoint is used for handling requests to SAML IdPs and accepts two HTTP GET parameters: url and id. When these parameter...

CVSS 9.3 · AI score 6.5 · EPSS 0.00018
Exploits 0 · References 3 · Affected Software 2
Positive Technologies
added 2026/03/04 12:00 a.m. · 3 views

PT-2026-23104

Name of the Vulnerable Software and Affected Versions ZITADEL versions 4.0.0 through 4.11.1 Description ZITADEL, an open source identity management platform, contains a cross-site scripting XSS issue in its login V2 interface, specifically within the /saml-post endpoint. This flaw allows for...

CVSS 9.9 · AI score 5.8 · EPSS 0.07313
Exploits 68 · References 149
RedhatCVE
added 2025/05/23 5:23 a.m. · 3 views

CVE-2023-52240

The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SA...

CVSS 6.1 · AI score 6.1 · EPSS 0.00386
Exploits 0 · References 1
Prion
added 2023/12/29 10:15 p.m. · 11 views

Code injection

The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SA...

CVSS 5.8 · AI score 6.2 · EPSS 0.00386
Exploits 0 · References 6 · Affected Software 1
Cvelist
added 2023/12/29 12:00 a.m. · 11 views

CVE-2023-52240

The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SA...

AI score 6.2 · EPSS 0.00386
Exploits 0 · References 6
Positive Technologies
added 2023/12/29 12:00 a.m. · 1 view

PT-2023-31942 · Kantega +1 · Kantega Saml Sso Oidc Kerberos Single Sign-On +4

Name of the Vulnerable Software and Affected Versions: Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server versions 4.4.2 through 4.14.8 Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server versions 5.0.0 through 5.11.4 Kantega SAML SSO OIDC Kerberos...

CVSS 6.1 · AI score 6.1 · EPSS 0.00386
Exploits 0 · References 14