CVE-2026-55669 in ZITADEL
Сводка
по MITRE • 10.07.2026
ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validates a token's signature and issuer (iss) but not the audience (aud) claim, allowing a validly signed token from a trusted issuer for another relying party to be accepted by ZITADEL. This issue is fixed in versions 3.4.12 and 4.15.2.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.