Upstream information
Description
ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via Default URI Redirect. This issue has been patched in version 4.12.0.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| CVSS detail | CNA (GitHub) |
|---|---|
| Base Score | 7.7 |
| Vector | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | High |
| User Interaction | None |
| Scope | Changed |
| Confidentiality Impact | High |
| Integrity Impact | High |
| Availability Impact | None |
| CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- SUSE-SU-2026:1042-1, published 2026-03-25T15:06:58Z
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|
SUSE Timeline for this CVE
CVE page created: Sat Mar 7 18:02:50 2026CVE page last modified: Thu Mar 26 01:45:34 2026