Zitadel is vulnerable to a high-severity Cross-Site Scripting (XSS) attack that could allow attackers to hijack user sessions and take over accounts.

The flaw is located in the /saml-post endpoint of the Login V2 interface. An attacker can inject malicious scripts into the SAML response, which are then executed in the context of the victim's session, potentially leading to account takeover.

As an identity management platform, a compromise of Zitadel has cascading effects across all integrated applications. An account takeover of an administrator could result in total control over user identities and access rights. The CVSS score of 9.3 reflects the critical impact on the organization's authentication infrastructure.

Immediate Action: Update Zitadel to version 4.12.0 or higher to patch the vulnerable SAML endpoint.

Proactive Monitoring: Monitor for unusual SAML assertions or suspicious activity on the /saml-post endpoint, particularly involving script tags or unexpected redirects.

Compensating Controls: Implement a strong Content Security Policy (CSP) to mitigate the impact of XSS vulnerabilities by restricting the execution of unauthorized scripts.

Public Exploit Available: false

Apply the 4.12.0 update immediately. Identity providers are high-value targets; ensuring the integrity of the login interface is essential for maintaining the security of the entire enterprise application ecosystem.