CVE-2026-56667

zitadel · zitadel

A stored Cross-Site Scripting (XSS) vulnerability in the ZITADEL identity platform allows an authenticated, high-privileged user to execute malicious scripts.

Executive summary

ZITADEL identity management platform is vulnerable to an XSS attack that allows authenticated, high-privileged users to compromise system integrity.

Vulnerability

This is a CWE-79 (Cross-site Scripting) vulnerability where an authenticated user with high privileges can inject malicious scripts into the web interface, impacting other users' sessions.

Business impact

While the CVSS score is 7.3, the requirement for high privileges mitigates the risk for standard users; however, a successful exploit could lead to full administrative account takeover or session hijacking. This poses a severe threat to identity management systems, potentially allowing an attacker to exfiltrate sensitive credentials or modify security configurations.

Remediation

Immediate Action: Upgrade ZITADEL to version 4.15.3 or later immediately.

Proactive Monitoring: Audit administrative accounts for unauthorized configuration changes and monitor for suspicious script execution or unusual session activity in the management console.

Compensating Controls: Enforce strict Content Security Policy (CSP) headers to prevent the execution of unauthorized scripts within the browser and limit administrative access to the platform via multi-factor authentication.

Exploitation status

Public Exploit Available: Unknown.

Analyst recommendation

Although the vulnerability requires high privileges, the risk to an identity platform is inherently critical. Administrators must apply the patch to version 4.15.3 immediately to prevent potential privilege escalation or lateral movement within the identity infrastructure.