Open Source Identity Management Platform Vulnerability in ZITADEL
CVE-2026-56667
7.3HIGH
What is CVE-2026-56667?
The ZITADEL Login V2 component allows an organization or instance administrator to inadvertently store unsafe JavaScript or data URIs within the login settings. This oversight means that, when an error occurs during the login process, the stored URI may be executed in a user's browser. Specifically, prior to version 4.15.3, failure in OIDC and SAML authentication could lead to the exposure of sensitive user information or unauthorized actions. The vulnerability has been addressed in version 4.15.3, reinforcing the importance of validating redirect URIs for security.
Affected Version(s)
zitadel < 4.15.3
