
ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowe…

Published:

6 March 2026 at 23:00:00

Alert date:

7 March 2026 at 16:02:28

Source:

nvd.nist.gov


Identity & Access, Web Technologies

ZITADEL, an open source identity management platform, contains a cross-site scripting (XSS) vulnerability in its login V2 interface that could lead to account takeover. The vulnerability affects the /saml-post endpoint in versions 4.0.0 through 4.11.1. Attackers could potentially exploit this XSS flaw to compromise user accounts through malicious scripts. The vulnerability has been patched in version 4.12.0. Organizations using affected versions should upgrade immediately to mitigate the risk of account compromise.

Technical details

Mitigation steps:

Affected products:

ZITADEL

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information obtained from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
