Open Source Identity Management Platform Vulnerability in ZITADEL
CVE-2026-56667

7.3HIGH

Key Information:

Vendor

Zitadel

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-56667?

The ZITADEL Login V2 component allows an organization or instance administrator to inadvertently store unsafe JavaScript or data URIs within the login settings. This oversight means that, when an error occurs during the login process, the stored URI may be executed in a user's browser. Specifically, prior to version 4.15.3, failure in OIDC and SAML authentication could lead to the exposure of sensitive user information or unauthorized actions. The vulnerability has been addressed in version 4.15.3, reinforcing the importance of validating redirect URIs for security.

Affected Version(s)

zitadel < 4.15.3

References

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.