Vulnerabilities in zitadel

48 results (20 listed below), sorted by EPSS score

CVE ID          Severity  EPSS  Title
CVE-2024-49757  HIGH      2.6%  Zitadel User Registration Bypass Vulnerability
CVE-2024-28855  HIGH      0.8%  ZITADEL vulnerable to improper HTML sanitization
CVE-2023-49097  HIGH      0.8%  ZITADEL vulnerable account takeover via malicious host header injection
CVE-2024-29892  MEDIUM    0.8%  ZITADEL's actions can overload reserved claims
CVE-2024-29891  HIGH      0.8%  ZITADEL Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass
CVE-2022-36051  HIGH      0.8%  Broken Authorization in ZITADEL Actions
CVE-2024-49753  MEDIUM    0.6%  Denied Host Validation Bypass in Zitadel Actions
CVE-2024-32967  MEDIUM    0.6%  Zitadel exposes internal database user name and host information
CVE-2024-41952  MEDIUM    0.6%  Zitadel has an "Ignoring unknown usernames" vulnerability
CVE-2024-39683  MEDIUM    0.6%  ZITADEL Vulnerable to Session Information Leakage
CVE-2024-41953  MEDIUM    0.6%  Zitadel improperly sanitizes HTML in emails and Console UI
CVE-2023-22492  MEDIUM    0.6%  RefreshToken invalidation vulnerability
CVE-2025-27507  CRITICAL  0.6%  IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations
CVE-2026-32130  HIGH      0.6%  ZITADEL SCIM Authentication Bypass via URL Encoding
CVE-2023-44399  MEDIUM    0.5%  ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting
CVE-2023-47111  HIGH      0.5%  ZITADEL race condition in lockout policy execution
CVE-2026-44671  HIGH      0.5%  ZITADEL: LDAP Filter Injection in Login Flow
CVE-2024-32868  MEDIUM    0.5%  ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
CVE-2025-31124  MEDIUM    0.5%  Zitadel allows User Enumeration by loginname attribute normalization
CVE-2025-67494  CRITICAL  0.5%  ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login