Bypass in ZITADEL Identity Management Platform Login Mechanism
CVE-2026-29193

8.2HIGH

Key Information:

Vendor: Zitadel
Status: Zitadel
Vendor: CVE Published:; 7 March 2026

What is CVE-2026-29193?

A vulnerability in the ZITADEL identity management platform's login V2 UI facilitates unauthorized user actions. Users could bypass established login behaviors and security policies, enabling them to self-register or sign in using a password even when these functionalities were disabled by the organization. This significant security oversight affects ZITADEL versions 4.0.0 to 4.12.0. The issue has been addressed in version 4.12.1.

Affected Version(s)

zitadel >= 4.0.0, < 4.12.1

References

https://github.com/zitadel/zitadel/security/advisories/GH...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 7, 2026
Vulnerability Reserved
Mar 4, 2026

CVE-2026-29193 Data

JSON

Zitadel

What is CVE-2026-29193?

Affected Version(s)

References

CVSS V3.1

Timeline