ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via Default URI Redirect. This issue has been patched in version 4.12.0.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 Github GHSA |
GHSA-6rx5-m2rc-hmf7 | ZITADEL: Stored XSS via Default URI Redirect Leads to Account Takeover |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Sat, 07 Mar 2026 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via Default URI Redirect. This issue has been patched in version 4.12.0. | |
| Title | ZITADEL: Stored XSS via Default URI Redirect Leads to Account Takeover | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-03-07T15:09:53.454Z
Reserved: 2026-03-04T14:44:00.714Z
Link: CVE-2026-29192
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-03-07T15:15:55.710
Modified: 2026-03-07T15:15:55.710
Link: CVE-2026-29192
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses