Summary
ZITADEL has patched a critical cross-site scripting (XSS) vulnerability, CVE-2026-29191, that lets an unauthenticated attacker take over a user account once the victim clicks a single malicious link. The flaw can be used to trigger unauthorized password resets.
Take Action:
If you run ZITADEL, treat this as urgent. Update to version 4.12.0 as soon as possible: full exploit instructions are already public, so any unpatched instance reachable by your users should be considered actively at risk. If you cannot patch today, block the /saml-post endpoint at your firewall and make sure MFA is enforced for all users.
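A quick "am I still exposed?" check for the advice above, written as an added example for this summary (it is not code from the advisory or from the ZITADEL project). It assumes the fixed release is 4.12.0 as stated here, that the version string comes from your own deployment manifest, Helm values or container tag (so it may carry a leading "v" or a pre-release suffix), and that the post-mitigation probe is run against your own instance, which is a placeholder here.

```shell
#!/bin/sh
# Added example, not part of the advisory or of ZITADEL itself.
# Assumption: 4.12.0 is the first release containing the fix, per the summary.
FIXED_VERSION="4.12.0"

# vercmp A B: prints -1, 0 or 1 as A is older than, equal to, or newer than B.
# Compares dot-separated numeric components one at a time; a leading "v" and any
# pre-release/build suffix (for example "-rc.1") are stripped first so tags such
# as "v4.11.3" or "4.12.0-rc.1" still parse. Missing components count as 0,
# so "4.12" equals "4.12.0".
vercmp() {
    a=$(printf '%s' "$1" | sed -e 's/^v//' -e 's/[-+].*$//')
    b=$(printf '%s' "$2" | sed -e 's/^v//' -e 's/[-+].*$//')
    i=1
    while :; do
        x=$(printf '%s' "$a" | awk -F. -v i="$i" '{ print $i }')
        y=$(printf '%s' "$b" | awk -F. -v i="$i" '{ print $i }')
        # Both strings exhausted with no difference found: equal.
        if [ -z "$x" ] && [ -z "$y" ]; then printf '%s\n' 0; return 0; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return 0; fi
        if [ "$x" -gt "$y" ]; then printf '%s\n' 1; return 0; fi
        i=$((i + 1))
    done
}

# zitadel_affected VERSION: succeeds (exit 0) when VERSION predates the fix.
zitadel_affected() {
    [ "$(vercmp "$1" "$FIXED_VERSION")" -lt 0 ]
}

# saml_post_blocked BASE_URL: after applying the firewall workaround, confirm
# the endpoint is no longer reachable. Needs network access; BASE_URL is your
# own instance (an assumption here). Only 403 or 404 count as blocked, so an
# unreachable host (curl reports 000) is reported as NOT blocked, which is the
# safe direction for a check like this. Assumes the endpoint is POSTed to.
saml_post_blocked() {
    code=$(curl -s -o /dev/null -w '%{http_code}' -X POST "$1/saml-post")
    case "$code" in
        403|404) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: ZITADEL_VERSION=v4.11.3 ZITADEL_URL=https://auth.example.test sh check.sh
if [ -n "${ZITADEL_VERSION:-}" ]; then
    if zitadel_affected "$ZITADEL_VERSION"; then
        echo "ZITADEL $ZITADEL_VERSION is older than $FIXED_VERSION: patch, or block /saml-post now"
        if [ -n "${ZITADEL_URL:-}" ]; then
            if saml_post_blocked "$ZITADEL_URL"; then
                echo "/saml-post is blocked at $ZITADEL_URL (workaround in place)"
            else
                echo "/saml-post is still reachable at $ZITADEL_URL"
            fi
        fi
    else
        echo "ZITADEL $ZITADEL_VERSION includes the fix"
    fi
fi
```

The version comparison is written by hand rather than with `sort -V` so it behaves the same on minimal container images and BSD userlands; the curl probe is deliberately strict so that a typo in the URL is never mistaken for a working firewall rule.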
This article was originally published on BeyondMachines