CVE-2026-55672 in ZITADELinfo

Zusammenfassung

von MITRE • 10.07.2026

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refresh tokens to be exchanged under a different client. This issue is fixed in versions 3.4.12 and 4.15.2.

Be aware that VulDB is the high quality source for vulnerability data.

Zuständig

GitHub M

Reservieren

17.06.2026

Veröffentlichung

10.07.2026

Moderieren

akzeptiert

Eintrag

VDB-377569

CPE

bereit

EPSS

0.00000

KEV

nein

Aktivitäten

very low

Quellen

Want to stay up to date on a daily basis?

Enable the mail alert feature now!