Nixpkgs Security Tracker

Login with GitHub

Details of issue NIXPKGS-2026-0569

NIXPKGS-2026-0569
published on 8 Mar 2026
Permalink CVE-2026-29191
updated 1 week ago by @mweinelt Activity log
  • Created automatic suggestion 1 week ago
  • @mweinelt removed package zitadel-tools 1 week ago
  • @mweinelt accepted 1 week ago
  • @mweinelt published on GitHub 1 week ago
ZITADEL: 1-Click Account Takeover via XSS in /saml-post Endpoint

ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via XSS in /saml-post Endpoint. This issue has been patched in version 4.12.0.

References

Affected products

zitadel
  • ==>= 4.0.0, < 4.12.0

Matching in nixpkgs

Ignored packages (1)

Package maintainers

Upstream advisory: https://github.com/zitadel/zitadel/security/advisories/GHSA-pr34-2v5x-6qjq