SecBoard
Zurück zur CVE-Übersicht

CVE-2026-55670

NONE
Risk Signal Score10/100 — NIEDRIG
  • Weniger als 24 Stunden alt

Beschreibung

ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user identifier, causing a later user recreated with the same identifier in another organization to be provisioned under the original organization and exposed to that organization's administrator. This issue is fixed in version 4.15.2.

GitHub Advisories

GHSA-6x8v-2fq5-2229LOW

ZITADEL: Cross-Tenant User Leakage via Recycled Identifiers

go/github.com/zitadel/zitadel1.80.0-v2.20.0.20260615092437-6082e59d47c1
GitHub Advisory

Referenzen