CNNVD-202601-2564 Information
CNNVD ID
CNNVD-202601-2564
Related CVE
- CNNVD Published: 2026-01-15
Description (Chinese)
ZITADEL是瑞士ZITADEL开源的一个 Auth0、Firebase Auth、AWS Cognito 以及为容器和无服务器时代构建的 Keycloak 的现代开源替代方案。 ZITADEL 4.9.1之前版本和3.4.6之前版本存在安全漏洞,该漏洞源于登录接口存在用户枚举漏洞,可能导致确认有效用户账户。
Description (English)
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito and Keycloak built in the age of packagings and servers. There is a security loophole in previous versions of ZITADEL 4.9.1 and 3.4.6, which stems from a user-exposed gap in the login interface, which may lead to the identification of a valid user account.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
ZITADEL
Published
2026-01-15
Last Modified
2026-02-24
References
https://github.com/zitadel/zitadel/commit/b85ab69e4679b0268e2b0e9b4cd04e934af10dd2 https://github.com/zitadel/zitadel/commit/c300d4cc6a2775ab17ddfe76492f24170f8b858d https://github.com/zitadel/zitadel/releases/tag/v3.4.6 https://github.com/zitadel/zitadel/releases/tag/v4.9.1 https://github.com/zitadel/zitadel/security/advisories/GHSA-pvm5-9frx-264r
Patch
https://github.com/zitadel/zitadel/releases
Share on: