
ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowe…

Published: 6 March 2026 at 23:00:00

Alert date: 7 March 2026 at 16:02:28

Source:

nvd.nist.gov


Identity & Access, Web Technologies

ZITADEL, an open source identity management platform, contains a cross-site scripting (XSS) vulnerability in its login V2 interface that could lead to account takeover. The vulnerability affects the /saml-post endpoint in versions 4.0.0 through 4.11.1. Attackers could potentially exploit this XSS flaw to compromise user accounts through malicious scripts. The vulnerability has been patched in version 4.12.0. Organizations using affected versions should upgrade immediately to mitigate the risk of account compromise.

Technical details

Mitigation steps:

Affected products:

ZITADEL

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information obtained from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
