Lucene search
+L

6 matches found

NVD
NVD
added 2026/07/10 6:16 p.m.9 views

CVE-2026-56667

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL Login V2 OIDC and SAML FailedPrecondition error paths return loginSettings.defaultRedirectUri to router.push without applying the isSafeRedirectUri check, allowing an organization or instance administrator to store a...

7.3CVSS0.00225EPSS
Exploits0References3
OSV
OSV
added 2026/07/10 5:46 p.m.3 views

CVE-2026-56668 ZITADEL: Unauthorized Token Privilege Escalation in OAuth2 Token Exchange

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that requested scopes remain within the original token's...

8.1CVSS6.1AI score0.00231EPSS
Exploits0References5
CVE
CVE
added 2026/07/10 5:21 p.m.14 views

CVE-2026-56664

ZITADEL’s external JWT Identity Provider validation (internal/idp/providers/jwt/session.go) did not enforce maximum token age (missing iat) in tokens, allowing arbitrarily old tokens from a trusted issuer to pass authentication. Affected: ZITADEL core platform; vulnerable code path in the JWT IdP...

4.2CVSS6.1AI score0.00203EPSS
Exploits0References5
OSV
OSV
added 2025/12/09 10:7 p.m.7 views

CVE-2025-67494 ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login

ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI V2 treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This...

9.3CVSS6.9AI score0.0046EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2024/04/25 12:0 a.m.4 views

PT-2024-24923 · Zitadel · Zitadel

Name of the Vulnerable Software and Affected Versions: ZITADEL versions prior to 2.50.0 Description: ZITADEL provides users the possibility to use Time-based One-Time-Password TOTP and One-Time-Password OTP through SMS and Email. While ZITADEL already gives administrators the option to define a...

8.1CVSS7.4AI score0.00456EPSS
Exploits0References8
CNNVD
CNNVD
added 2024/03/27 12:0 a.m.5 views

ZITADEL 安全漏洞

ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the container and serverless era, open sourced by ZITADEL Switzerland. ZITADEL suffers from a security vulnerability that stems from incorrect validation of Content-Type, leading to a stored...

8.7CVSS7.5AI score0.0076EPSS
Exploits0References9
Rows per page
Query Builder