Lucene search
K

615 matches found

Nuclei
Nuclei
added 9 hours ago67 views

Zitadel - User Registration Bypass

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...

7.5CVSS7AI score0.02572EPSS
Exploits0References2
NVD
NVD
added 3 days ago7 views

CVE-2026-56668

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that requested scopes remain within the original token's...

8.1CVSS0.00231EPSS
Exploits0References3
NVD
NVD
added 3 days ago6 views

CVE-2026-56666

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's external identity provider handler checks that the local user's email is verified but does not verify that the external IdP confirmed ownership of the same email before auto-linking by email, allowing a permissive...

4.8CVSS0.00189EPSS
Exploits0References3
NVD
NVD
added 3 days ago8 views

CVE-2026-56665

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL is an open source identity management platform. From 3.0.0-rc.1 through 3.4.11 and from 4.0.0-rc.1 through 4.15.1, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session....

4.2CVSS0.00167EPSS
Exploits0References5
NVD
NVD
added 3 days ago6 views

CVE-2026-56664

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session.go skips the maximum token age freshness check when an incoming token omits the iat claim, allowing arbitrarily old tokens...

4.2CVSS0.00203EPSS
Exploits0References5
NVD
NVD
added 3 days ago6 views

CVE-2026-55671

ZITADEL is an open source identity management platform. From 4.0.0-rc.1 through 4.15.1, ZITADEL's HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches do not consistently validate user-defined URLs against protected denylist handling, allowing server-side requests to...

2.3CVSS0.00252EPSS
Exploits0References3
NVD
NVD
added 3 days ago6 views

CVE-2026-55672

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refre...

7.4CVSS0.00276EPSS
Exploits0References5
CVE
CVE
added 3 days ago11 views

CVE-2026-56668

Product/Component : ZITADEL identity management platform (OAuth2 Token Exchange endpoint). Vulnerability : Prior to version 4.15.3, the endpoint for grant-type: token-exchange does not verify that the subject token belongs to the requesting client, nor ensure requested scopes stay within the orig...

8.1CVSS6.1AI score0.00231EPSS
Exploits0References3
CVE
CVE
added 3 days ago9 views

CVE-2026-56666

ZITADEL before v4.15.3 permits auto-linking by email without confirming IdP ownership of the email. The external IdP handler validates the local email but not that the IdP confirms ownership, enabling linking a permissive provider account to a victim’s local account. This vulnerability is address...

4.8CVSS6.1AI score0.00189EPSS
Exploits0References3
CVE
CVE
added 3 days ago12 views

CVE-2026-56667

ZITADEL, an open source identity management platform, contains a Stored XSS flaw prior to version 4.15.3 in the Login V2 OIDC and SAML FailedPrecondition error paths. The bug returns loginSettings.defaultRedirectUri to router.push without applying isSafeRedirectUri, enabling an organization or in...

7.3CVSS6.2AI score0.00225EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-56667 ZITADEL: Stored XSS via Default URI Redirect in Login V2

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL Login V2 OIDC and SAML FailedPrecondition error paths return loginSettings.defaultRedirectUri to router.push without applying the isSafeRedirectUri check, allowing an organization or instance administrator to store a...

7.3CVSS0.00225EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42964

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL Login V2 OIDC and SAML FailedPrecondition error paths return loginSettings.defaultRedirectUri to router.push without applying the isSafeRedirectUri check, allowing an organization or instance administrator to store a...

7.3CVSS6.2AI score0.00225EPSS
Exploits0References3
CVE
CVE
added 3 days ago10 views

CVE-2026-56665

ZITADEL's external JWT Identity Provider validation (internal/idp/providers/jwt/session.go) does not enforce expiration when an incoming token omits the exp claim, causing tokens from trusted issuers to be treated as valid without an automatic expiration window. Affected releases: 3.0.0-rc.1 thro...

4.2CVSS6.1AI score0.00167EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-42963

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL is an open source identity management platform. From 3.0.0-rc.1 through 3.4.11 and from 4.0.0-rc.1 through 4.15.1, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session....

4.2CVSS6.1AI score0.00167EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-56665 ZITADEL: Missing Token Expiration (`exp`) Validation in JWT IdP Provider

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL is an open source identity management platform. From 3.0.0-rc.1 through 3.4.11 and from 4.0.0-rc.1 through 4.15.1, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session....

4.2CVSS0.00167EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-56664 ZITADEL: Missing Token Lifecyle Validation (`exp` and `iat`) in JWT IdP Provider

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validation in internal/idp/providers/jwt/session.go skips the maximum token age freshness check when an incoming token omits the iat claim, allowing arbitrarily old tokens...

4.2CVSS0.00203EPSS
Exploits0References5
CVE
CVE
added 3 days ago30 views

CVE-2026-55672

Summary (concrete details) : The CVE concerns Zitadel, an open-source identity management platform. The vulnerability occurs in the OAuth2/OIDC CodeExchange and RefreshToken flows (and related device token flow) where verification that the requesting client matches the originally authorized clien...

7.4CVSS6.1AI score0.00276EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago28 views

CVE-2026-55672 ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refre...

7.4CVSS0.00276EPSS
Exploits0References5
CVE
CVE
added 3 days ago21 views

CVE-2026-55671

ZITADEL (github.com/zitadel/zitadel) is affected in versions 4.0.0-rc.1 through 4.15.1 by an SSRF in outgoing HTTP components (HTTP notification channels, OIDC BackChannel Logout, and SAML metadata URL fetches). The issue arises from inadequate validation against a protected denylist, allowing se...

2.3CVSS6.1AI score0.00252EPSS
Exploits0References3
NVD
NVD
added 3 days ago6 views

CVE-2026-55669

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validates a token's signature and issuer iss but not the audience aud claim, allowing a validly signed token from a trusted issuer for another relying party to be accepted ...

4.2CVSS0.00112EPSS
Exploits0References3
Rows per page
Query Builder