CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/14 9:13 p.m.•18 views

CVE-2026-44671

Summary of CVE-2026-44671 (ZITADEL LDAP Filter Injection) : Zitadel’s LDAP IdP parsing fails to escape user-provided usernames in LDAP search filters, enabling unauthenticated users to perform blind LDAP Injection during login. The issue affects Zitadel deployments using LDAP IdP in the following...

Exploits0References3Affected Software1

EUVD•added 2026/05/14 9:13 p.m.•11 views

EUVD-2026-30492

Cvelist•added 2026/05/14 9:13 p.m.•41 views

CVE-2026-44671 ZITADEL: LDAP Filter Injection in Login Flow

7.5CVSS0.00479EPSS

ATTACKERKB•added 2026/05/14 9:13 p.m.•5 views

CVE-2026-44671

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/14 9:13 p.m.•6 views

CVE-2026-44671 ZITADEL: LDAP Filter Injection in Login Flow

CNNVD•added 2026/05/14 12:0 a.m.•7 views

ZITADEL 注入漏洞

ZITADEL is an open-source identity and access management platform developed by ZITADEL in Switzerland. Versions of ZITADEL from 2.71.11 up to 3.4.10, as well as version 4.15.0, had a vulnerability related to injection attacks. This vulnerability stemmed from improper escaping of user-provided...

7.5CVSS5.7AI score0.00479EPSS

Exploits0References1

OSV•added 2026/05/08 5:11 p.m.•5 views

GHSA-RXVX-HHPJ-Q6PX ZITADEL has LDAP Filter Injection in Login Flow

Summary A vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allows unauthenticated attackers to perform LDAP Filter Injection during the login process...

Github Security Blog•added 2026/05/08 5:11 p.m.•8 views

Exploits0References5

ZITADEL has LDAP Filter Injection in Login Flow

Exploits0References5Affected Software1

Positive Technologies•added 2026/05/08 12:0 a.m.•9 views

PT-2026-39289

Name of the Vulnerable Software and Affected Versions ZITADEL versions 2.71.11 through 2.71.19 ZITADEL versions 3.1.0 through 3.4.9 ZITADEL versions 4.0.0 through 4.14.0 Description An issue exists in the LDAP identity provider implementation where user-provided usernames are not properly escaped...

7.5CVSS5.9AI score0.00479EPSS

Exploits0References8

Chainguard•added 2026/05/06 7:17 p.m.•11 views

CVE-2026-41889 vulnerabilities

Vulnerabilities for packages: ldap2pg, gitaly-fips, falcosidekick-fips, pgtimetable, jitsucom-bulker, certificate-transparency, gitlab-cng, teleport, rke2-cloud-provider-fips, openbao-fips, wal-g, kuma, kine, spire-server-fips, grafana-fips, sftpgo-plugin-eventsearch, spicedb, argo-workflows-fips...

9.8CVSS5.8AI score0.00356EPSS

Chainguard•added 2026/04/11 2:19 p.m.•3 views

GHSA-7777-FHQ9-592V vulnerabilities

Vulnerabilities for packages: zitadel...

5.8AI score

Chainguard•added 2026/04/11 2:19 p.m.•2 views

CVE-2026-27945 vulnerabilities

Vulnerabilities for packages: zitadel...

6.5CVSS7.2AI score0.00226EPSS

Veracode•added 2026/04/10 4:13 p.m.•2 views

Improper Authentication

github.com/zitadel/zitadel is vulnerable to improper authentication. The vulnerability is due to MFA being enforced only when explicitly required by policy, which allows an attacker to bypass additional authentication factors and exploit weaker single-factor sessions, potentially compromising...

9.8CVSS5.8AI score0.00307EPSS

Exploits0References3Affected Software1

Chainguard•added 2026/04/02 7:17 p.m.•3 views

CVE-2026-33132 vulnerabilities

Vulnerabilities for packages: zitadel...

5.3CVSS6.3AI score0.00309EPSS

Chainguard•added 2026/04/02 7:17 p.m.•4 views

GHSA-G2PF-WW5M-2R9M vulnerabilities

Vulnerabilities for packages: zitadel...

5.8AI score

Veracode•added 2026/03/30 8:39 a.m.•3 views

DOM-Based Cross-Site Scripting (XSS)

github.com/zitadel/zitadel, is vulnerable to DOM-Based Cross-Site Scripting XSS. The vulnerability is due to improper validation of the postlogoutredirect parameter in the /logout endpoint, which allows an unauthenticated remote attacker to execute malicious JavaScript in users’ browsers...

8CVSS6AI score0.00261EPSS

Exploits0References3Affected Software1

SUSE CVE•added 2026/03/28 12:26 a.m.•4 views

SUSE CVE-2026-33132

ZITADEL is an open source identity management platform. Versions prior to 3.4.9 and 4.0.0 through 4.12.2 allowed users to bypass organization enforcement during authentication. Zitadel allows applications to enforce an organzation context during authentication using scopes urn:zitadel:iam:org:id:...

5.3CVSS5.7AI score0.00309EPSS