Package impact

golang Go / github.com/zitadel/zitadel/v2

| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-29192 | unknown | | | 3mo ago | ZITADEL: Stored XSS via Default URI Redirect Leads to Account Takeover in github.com/zitadel/zitadel | golang |
| CVE-2026-29193 | unknown | | | 3mo ago | ZITADEL: Login V2 UI Policy Bypass Allows Unauthorized Self-Registration and Authentication in github.com/zitadel/zitadel | golang |
| CVE-2026-29191 | unknown | | | 3mo ago | ZITADEL has 1-Click Account Takeover via XSS in /saml-post Endpoint in github.com/zitadel/zitadel | golang |
| CVE-2026-27945 | unknown | | | 3mo ago | ZITADEL has potential SSRF via Actions in github.com/zitadel/zitadel | golang |
| CVE-2025-67495 | unknown | | | 6mo ago | ZITADEL Vulnerable to Account Takeover via DOM-Based XSS in Zitadel V2 Login in github.com/zitadel/zitadel | golang |
| CVE-2026-29067 | unknown | | | 6mo ago | ZITADEL Vulnerable to Account Takeover Due to Improper Instance Validation in V2 Login in github.com/zitadel/zitadel | golang |
| CVE-2025-67494 | unknown | | | 6mo ago | ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login in github.com/zitadel/zitadel | golang |
| CVE-2025-64103 | unknown | | | 7mo ago | Zitadel May Bypass Second Authentication Factor in github.com/zitadel/zitadel | golang |
| CVE-2025-64102 | unknown | | | 7mo ago | Zitadel allows brute-forcing authentication factors in github.com/zitadel/zitadel | golang |
| CVE-2025-64101 | unknown | | | 7mo ago | ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection in github.com/zitadel/zitadel | golang |
| CVE-2025-48936 | unknown | | | 1y ago | ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection in github.com/zitadel/zitadel | golang |
| CVE-2025-27507 | unknown | | | 1y ago | IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations in github.com/zitadel/zitadel | golang |
| CVE-2024-47060 | unknown | | | 2y ago | ZITADEL Allows Unauthorized Access After Organization or Project Deactivation in github.com/zitadel/zitadel | golang |
| CVE-2024-47000 | unknown | | | 2y ago | ZITADEL's Service Users Deactivation not Working in github.com/zitadel/zitadel | golang |
| CVE-2024-46999 | unknown | | | 2y ago | ZITADEL's User Grant Deactivation not Working in github.com/zitadel/zitadel | golang |