CRITICAL🇵🇱 Wersja polska

CVE-2026-29191

CVSS 9.3v3.1pub. 2026-03-07upd. 2026-03-10

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via XSS in /saml-post Endpoint. This issue has been patched in version 4.12.0.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
  • Zitadel

    APP
    Zitadel
    4.0.0 – 4.12.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2025-67494CRITICAL9.3PL ✓ten sam produkt

SSRF bez uwierzytelnienia w ZITADEL — odczyt wewnętrznych zasobów sieciowych

CVE-2025-27507CRITICAL9.0PL ✓ten sam produkt

IDOR w Zitadel Admin API umożliwia modyfikację wrażliwych ustawień

CVE-2026-44671HIGH7.5ten sam produkt

ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerabil...

CVE-2026-32131HIGH7.7ten sam produkt

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel'...

CVE-2026-32130HIGH7.5ten sam produkt

ZITADEL is an open source identity management platform. From 2.68.0 to before 3.4.8 and 4.12.2, Zitadel provid...