Zitadel Vulnerabilities
Comprehensive security vulnerability database for Zitadel products
2
2
0
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-29193 | 8.2 | This vulnerability allows an attacker to create new accounts or log in with a password, even if those options are supposed to be disabled by the organization. It affects versions 4.0.0 to 4.12.0 of the Zitadel identity management platform, and users must be able to access the login interface to exploit this issue. | zitadelzitadel | Theoretical | about 1 month agoMar 7, 2026 |
| CVE-2026-29192 | 7.7 | This vulnerability allows an attacker to take over user accounts by exploiting a flaw in Zitadel's login system, specifically through a default redirect link. It affects versions 4.0.0 to 4.11.1, so users need to upgrade to version 4.12.0 to protect themselves. | zitadelzitadel | Theoretical | about 1 month agoMar 7, 2026 |
About Zitadel Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Zitadel products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.