CVE-2026-56667
zitadel · zitadel
A stored Cross-Site Scripting (XSS) vulnerability in the ZITADEL identity platform allows an authenticated, high-privileged user to execute malicious scripts.
Executive summary
ZITADEL identity management platform is vulnerable to an XSS attack that allows authenticated, high-privileged users to compromise system integrity.
Vulnerability
This is a CWE-79 (Cross-site Scripting) vulnerability where an authenticated user with high privileges can inject malicious scripts into the web interface, impacting other users' sessions.
Business impact
While the CVSS score is 7.3, the requirement for high privileges mitigates the risk for standard users; however, a successful exploit could lead to full administrative account takeover or session hijacking. This poses a severe threat to identity management systems, potentially allowing an attacker to exfiltrate sensitive credentials or modify security configurations.
Remediation
Immediate Action: Upgrade ZITADEL to version 4.15.3 or later immediately.
Proactive Monitoring: Audit administrative accounts for unauthorized configuration changes and monitor for suspicious script execution or unusual session activity in the management console.
Compensating Controls: Enforce strict Content Security Policy (CSP) headers to prevent the execution of unauthorized scripts within the browser and limit administrative access to the platform via multi-factor authentication.
Exploitation status
Public Exploit Available: Unknown.
Analyst recommendation
Although the vulnerability requires high privileges, the risk to an identity platform is inherently critical. Administrators must apply the patch to version 4.15.3 immediately to prevent potential privilege escalation or lateral movement within the identity infrastructure.