CVE-2026-29191— ZITADEL: 1-Click Account Takeover via XSS in /saml-post Endpoint
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-29191
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ZITADEL: 1-Click Account Takeover via XSS in /saml-post Endpoint
Source: NVD (National Vulnerability Database)
Vulnerability Description
ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via XSS in /saml-post Endpoint. This issue has been patched in version 4.12.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
ZITADEL 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ZITADEL是瑞士ZITADEL开源的一个 Auth0、Firebase Auth、AWS Cognito 以及为容器和无服务器时代构建的 Keycloak 的现代开源替代方案。 ZITADEL 4.0.0至4.11.1版本存在跨站脚本漏洞,该漏洞源于登录V2接口存在跨站脚本问题,可能导致账户接管。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
II. Public POCs for CVE-2026-29191
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-29191
请登录查看更多情报信息。
Same Patch Batch · zitadel · 2026-03-07 · 4 CVEs total
| CVE-2026-29193 | 8.2 HIGH | ZITADEL: Bypassing Zitadel Login Behavior and Security Policy in Login V2 |
| CVE-2026-29067 | 8.1 HIGH | ZITADEL: Account Takeover Due to Improper Instance Validation in V2 Login |
| CVE-2026-29192 | 7.7 HIGH | ZITADEL: Stored XSS via Default URI Redirect Leads to Account Takeover |
IV. Related Vulnerabilities
Same product: zitadel
- CVE-2026-33132
ZITADEL is missing enforcement of organization scopes - CVE-2026-32132
ZITADEL: Reactivation of Expired Passkey Registration Codes - CVE-2026-32131
ZITADEL Cross-Tenant Information Disclosure in Management AP - CVE-2026-32130
ZITADEL SCIM Authentication Bypass via URL Encoding - CVE-2026-29067
ZITADEL: Account Takeover Due to Improper Instance Validatio
Same vendor: zitadel
- CVE-2026-33132
ZITADEL is missing enforcement of organization scopes - CVE-2026-32132
ZITADEL: Reactivation of Expired Passkey Registration Codes - CVE-2026-32131
ZITADEL Cross-Tenant Information Disclosure in Management AP - CVE-2026-32130
ZITADEL SCIM Authentication Bypass via URL Encoding - CVE-2026-29067
ZITADEL: Account Takeover Due to Improper Instance Validatio
Same weakness: CWE-79
- CVE-2026-8262
Devs Palace ERP Online chart-save cross site scripting - CVE-2026-8256
Devs Palace ERP Online mr-save cross site scripting - CVE-2026-8255
Devs Palace ERP Online add_new_customer cross site scripting - CVE-2026-8254
Devs Palace ERP Online sales_save cross site scripting - CVE-2026-8253
Devs Palace ERP Online purchase_save cross site scripting
V. Comments for CVE-2026-29191
No comments yet