CVE-2026-29191

Published March 7th, 2026

View on NVD ↗

CVSS v3

9.3

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via XSS in /saml-post Endpoint. This issue has been patched in version 4.12.0.

zitadel/zitadel

ZITADEL - Identity infrastructure, simplified for you.

GitHub

14.2K