User Enumeration Vulnerability in ZITADEL Identity Management Platform
CVE-2026-23511
5.3MEDIUM
What is CVE-2026-23511?
ZITADEL, an open-source identity management platform, has been identified with a vulnerability in its login interfaces that permits user enumeration. This flaw enables an unauthenticated attacker to verify whether specific user accounts exist by systematically attempting to login using various usernames or user IDs. The vulnerability has been addressed in releases 4.9.1 and 3.4.6, which provide crucial security enhancements to mitigate this weakness.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
zitadel >= 4.0.0, < 4.9.1 < 4.0.0, 4.9.1
zitadel < 3.4.6 < 3.4.6
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved