CVE-2026-55672 in ZITADELinformação

Sumário

de MITRE • 10/07/2026

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's OAuth2 and OIDC CodeExchange, RefreshToken, and device token flows fail to verify that the requesting client matches the client that initiated the authorization flow, allowing intercepted grants or refresh tokens to be exchanged under a different client. This issue is fixed in versions 3.4.12 and 4.15.2.

Be aware that VulDB is the high quality source for vulnerability data.

Responsável

GitHub M

Reservar

17/06/2026

Divulgação

10/07/2026

Moderação

aceite

Entrada

VDB-377569

CPE

pronto

EPSS

0.00000

KEV

não

Atividades

muito baixo

Fontes

Want to stay up to date on a daily basis?

Enable the mail alert feature now!