Identity Management Platform Flaw in ZITADEL Exposes User Data
CVE-2026-55670
2.3LOW
What is CVE-2026-55670?
ZITADEL, an open-source identity management platform, had an issue in its event store validation which allowed the system to retain the original resource owner of a deleted user identifier. This flaw resulted in a security risk where a new user re-created with the same identifier could inadvertently be assigned to the original organization, exposing sensitive data to that organization's administrator. The vulnerability has since been addressed in version 4.15.2 of the platform.
Affected Version(s)
zitadel < 4.15.2
