Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
| # | POC Description | Source Link | Shenlong Link |
|---|
No public POC found.
Login to generate AI POC| CVE-2026-56668 | 8.1 HIGH | ZITADEL: Unauthorized Token Privilege Escalation in OAuth2 Token Exchange |
| CVE-2026-55672 | 7.4 HIGH | ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token f |
| CVE-2026-56667 | 7.3 HIGH | ZITADEL: Stored XSS via Default URI Redirect in Login V2 |
| CVE-2026-55669 | 4.2 MEDIUM | ZITADEL: Missing Token Audience Validation (`aud`) in JWT IdP Provider |
| CVE-2026-56665 | 4.2 MEDIUM | ZITADEL: Missing Token Expiration (`exp`) Validation in JWT IdP Provider |
| CVE-2026-56664 | 4.2 MEDIUM | ZITADEL: Missing Token Lifecyle Validation (`exp` and `iat`) in JWT IdP Provider |
| CVE-2026-55670 | ZITADEL: Cross-Tenant User Leakage via Recycled Identifiers | |
| CVE-2026-55671 | ZITADEL: Server-Side Request Forgery (SSRF) and Denylist Bypass in Outgoing HTTP Component |
No comments yet