CVE-2026-29192
Published 2026-03-07
Priority P3 · 42 · high · 7.7 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
EPSS: 0.32% (23.5th percentile)
ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via Default URI Redirect. This issue has been patched in version 4.12.0.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | zitadel_zitadel | >= 4.0.0 < 4.12.0 | 4.12.0 |
| github.com | zitadel_zitadel_v2 | >= 4.0.0 < 4.12.0 | 4.12.0 |
| zitadel | zitadel | — | — |
| zitadel | zitadel | >= 4.0.0 < 4.12.0 | 4.12.0 |
OSV · 2026-03-10 · CVE-2026-29192: ZITADEL: Stored XSS via Default URI Redirect Leads to Account Takeover in github.com/zitadel/zitadel
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/zitadel/zitadel from v4.0.0 before v4.12.0.
OSV · 2026-03-04 · CVE-2026-29192 [HIGH]: ZITADEL: Stored XSS via Default URI Redirect Leads to Account Takeover
### Summary
A vulnerability in Zitadel's login V2 interface was discovered, allowing for possible account takeover.
### Impact
Zitadel allows organization administrators to change the default redirect URI for their organization. This setting lets them send users to an arbitrary location after they log in.
Due to missing restrictions and improper handling of that value, malicious JavaScript code could be executed in the Zitadel login UI (v2) in the user's browser.
An unauthenticated remote attacker can exploit this stored XSS vulnerability to reset their victims' passwords and take over their accounts.
It's important to note that this specific attack vector is mitigated for accounts that have Multi-Factor Authenti
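The advisory attributes the issue to missing restrictions on an administrator-controlled redirect URI that is later handed to the browser. The following Go code is an added example of the kind of check that closes this class of bug; it is not ZITADEL's code and not the actual 4.12.0 patch, whose details are not on this page. It assumes that only absolute `http`/`https` URLs are legitimate post-login targets (the `allowedSchemes` allowlist is the example's own choice), and it shows the validator applied twice: when the setting is written, and again when it is read, so that a value stored before validation existed never reaches the browser.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ErrUnsafeRedirect is returned when a redirect URI fails validation.
var ErrUnsafeRedirect = errors.New("unsafe redirect URI")

// allowedSchemes is the scheme allowlist for post-login redirects.
// Assumption for this example: only http and https are legitimate targets;
// everything else (javascript:, data:, vbscript:, custom schemes) is rejected.
var allowedSchemes = map[string]bool{"http": true, "https": true}

// ValidateRedirectURI returns the normalised absolute URL if raw is safe to
// use as a post-login redirect target, or ErrUnsafeRedirect otherwise.
// It rejects:
//   - surrounding whitespace or control characters (browsers strip these
//     before matching the scheme, so they must not bypass the allowlist),
//   - anything net/url cannot parse,
//   - any scheme outside the allowlist,
//   - relative and scheme-relative URLs (no scheme or no host),
//   - embedded userinfo (user:pass@host), which is a common obfuscation trick.
func ValidateRedirectURI(raw string) (string, error) {
	if raw != strings.TrimSpace(raw) || strings.ContainsAny(raw, "\x00\t\n\r") {
		return "", fmt.Errorf("%w: whitespace or control characters", ErrUnsafeRedirect)
	}
	u, err := url.Parse(raw)
	if err != nil {
		return "", fmt.Errorf("%w: %v", ErrUnsafeRedirect, err)
	}
	// url.Parse already lowercases the scheme; ToLower is belt-and-braces.
	if !allowedSchemes[strings.ToLower(u.Scheme)] {
		return "", fmt.Errorf("%w: scheme %q not allowed", ErrUnsafeRedirect, u.Scheme)
	}
	if u.Host == "" {
		return "", fmt.Errorf("%w: missing host", ErrUnsafeRedirect)
	}
	if u.User != nil {
		return "", fmt.Errorf("%w: userinfo not allowed", ErrUnsafeRedirect)
	}
	return u.String(), nil
}

// SaveOrgDefaultRedirect models the write path: an administrator's input is
// validated before it is persisted. The store is a plain map standing in for
// the real settings backend (constructed for this example).
func SaveOrgDefaultRedirect(store map[string]string, orgID, raw string) error {
	target, err := ValidateRedirectURI(raw)
	if err != nil {
		return err
	}
	store[orgID] = target
	return nil
}

// ResolvePostLoginRedirect models the read path. It revalidates the stored
// organisation setting on every use, so a value stored before validation was
// enforced cannot reach the login UI; on failure it returns the fallback.
func ResolvePostLoginRedirect(store map[string]string, orgID, fallback string) string {
	if target, err := ValidateRedirectURI(store[orgID]); err == nil {
		return target
	}
	return fallback
}

func main() {
	store := map[string]string{}
	const fallback = "https://console.example.test/"

	// Constructed inputs: one legitimate target and one that must be refused.
	for _, in := range []string{"https://app.example.test/dashboard", "javascript:alert(1)"} {
		if err := SaveOrgDefaultRedirect(store, "org-1", in); err != nil {
			fmt.Printf("rejected %q: %v\n", in, err)
		} else {
			fmt.Printf("stored   %q\n", in)
		}
	}

	// A pre-existing unsafe value (as if written before validation existed)
	// is neutralised on read.
	store["org-legacy"] = "javascript:alert(1)"
	fmt.Println("org-1      ->", ResolvePostLoginRedirect(store, "org-1", fallback))
	fmt.Println("org-legacy ->", ResolvePostLoginRedirect(store, "org-legacy", fallback))
}
```

Validating on both the write and the read path is the point: fixing only the form that administrators use leaves any value already in the database live, while fixing only the read path leaves the stored data dirty and easy to reintroduce through another API. The allowlist is deliberately positive (name what is permitted) rather than a denylist of bad schemes.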
GHSA · 2026-03-04 · CVE-2026-29192 [HIGH] CWE-79: ZITADEL: Stored XSS via Default URI Redirect Leads to Account Takeover (advisory text identical to the OSV entry above)
No detection rules found.
No public exploits indexed.