CVE-2026-55671
ZITADEL (github.com/zitadel/zitadel) is affected in versions 4.0.0-rc.1 through 4.15.1 by an SSRF in outgoing HTTP components (HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches). The issue arises from inadequate validation against a protected denylist, allowing se...