Lucene search
K

5 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-56667

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL Login V2 OIDC and SAML FailedPrecondition error paths return loginSettings.defaultRedirectUri to router.push without applying the isSafeRedirectUri check, allowing an organization or instance administrator to store a...

7.3CVSS0.00225EPSS
Exploits0References3
CVE
CVE
added 5 days ago10 views

CVE-2026-56664

ZITADEL’s external JWT Identity Provider validation (internal/idp/providers/jwt/session.go) did not enforce maximum token age (missing iat) in tokens, allowing arbitrarily old tokens from a trusted issuer to pass authentication. Affected: ZITADEL core platform; vulnerable code path in the JWT IdP...

4.2CVSS6.1AI score0.00203EPSS
Exploits0References5
OSV
OSV
added 2025/12/09 10:7 p.m.6 views

CVE-2025-67494 ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login

ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI V2 treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This...

9.3CVSS6.9AI score0.0046EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2024/04/25 12:0 a.m.4 views

PT-2024-24923 · Zitadel · Zitadel

Name of the Vulnerable Software and Affected Versions: ZITADEL versions prior to 2.50.0 Description: ZITADEL provides users the possibility to use Time-based One-Time-Password TOTP and One-Time-Password OTP through SMS and Email. While ZITADEL already gives administrators the option to define a...

8.1CVSS7.4AI score0.00456EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/03/27 12:0 a.m.5 views

ZITADEL 安全漏洞

ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the container and serverless era, open sourced by ZITADEL Switzerland. ZITADEL suffers from a security vulnerability that stems from incorrect validation of Content-Type, leading to a stored...

8.7CVSS7.5AI score0.0076EPSS
Exploits0References9
Rows per page
Query Builder