CVE-2026-29192
Published: 07 March 2026
Summary
CVE-2026-29192 is a high-severity Cross-site Scripting (CWE-79) vulnerability in ZITADEL (vendor: Zitadel). Its CVSS base score is 7.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 3.3rd percentile by exploit likelihood (well below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly mitigates CVE-2026-29192 by requiring timely identification, reporting, and patching of the flaw in ZITADEL's login V2 interface, closing the account-takeover path via the default URI redirect.
- SI-10 (Information Input Validation): requires validation of information inputs such as the redirect URIs handled by the login V2 interface, which directly addresses the default URI redirect weakness that enables account takeover.
- Vulnerability scanning: detects affected ZITADEL versions (4.0.0 through 4.11.1) so they can be patched proactively, before an attacker holding the required high privileges can exploit the flaw.
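The SI-10 item above is abstract; what it means for a login endpoint is an exact-match allowlist for redirect URIs and a server-side constant as the fallback. The following is an added illustration written for this page, not ZITADEL's code, and it does not reproduce the specific flaw in the advisory (whose mechanism the page does not detail). The client registrations, the `defaultRedirect` constant and the two resolver functions are all hypothetical. The weak resolver shows the general anti-pattern of trusting request-supplied redirect values, including the fallback; the strict resolver shows the validated form and rejects the usual bypass shapes (scheme-relative URLs, userinfo tricks, fragments, unregistered hosts).

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Hypothetical client registrations, constructed for this example. Keys are client IDs;
// values are the exact redirect URIs registered for that client.
var registeredRedirects = map[string][]string{
	"web-app": {"https://app.example.com/callback", "https://app.example.com/silent-callback"},
	"cli":     {"http://127.0.0.1:8080/callback"},
}

// defaultRedirect is a server-side constant used when a login request carries no redirect.
const defaultRedirect = "https://app.example.com/"

// resolveRedirectWeak illustrates the anti-pattern: the requested value is used unvalidated,
// and when it is absent the "default" is also taken from the request, so an attacker who can
// influence either parameter chooses where the post-login redirect (and any attached tokens) goes.
func resolveRedirectWeak(requested, requestedDefault string) string {
	if requested != "" {
		return requested
	}
	if requestedDefault != "" {
		return requestedDefault
	}
	return defaultRedirect
}

// resolveRedirectStrict applies SI-10 to the redirect_uri input: the value must parse as an
// absolute http(s) URL and match a registered URI exactly (scheme, host, path, query), and the
// fallback is never taken from the request. It returns the registered (canonical) string.
func resolveRedirectStrict(clientID, requested string) (string, error) {
	if requested == "" {
		return defaultRedirect, nil
	}
	u, err := url.Parse(requested)
	if err != nil {
		return "", fmt.Errorf("redirect_uri is not a valid URL: %w", err)
	}
	// Scheme-relative ("//evil.example"), javascript:, userinfo ("good@evil") and fragment
	// forms are all rejected here before any allowlist comparison happens.
	if (u.Scheme != "https" && u.Scheme != "http") || u.Host == "" || u.User != nil || u.Fragment != "" {
		return "", fmt.Errorf("redirect_uri %q is not an acceptable absolute URL", requested)
	}
	for _, reg := range registeredRedirects[clientID] {
		r, err := url.Parse(reg)
		if err != nil {
			continue // a malformed registration can never match
		}
		// Host comparison is case-insensitive; path and query are compared byte-for-byte,
		// so "/callback/../admin" or an explicit ":443" port does not match "/callback".
		if sameOrigin(u, r) && u.Path == r.Path && u.RawQuery == r.RawQuery {
			return reg, nil
		}
	}
	return "", fmt.Errorf("redirect_uri %q is not registered for client %q", requested, clientID)
}

func sameOrigin(a, b *url.URL) bool {
	return strings.EqualFold(a.Scheme, b.Scheme) && strings.EqualFold(a.Host, b.Host)
}

func main() {
	// Constructed inputs covering the accepted case and the common bypass shapes.
	cases := []string{
		"https://app.example.com/callback",
		"https://evil.example/callback",
		"//evil.example/callback",
		"https://app.example.com@evil.example/callback",
		"https://app.example.com/callback#token",
	}
	for _, c := range cases {
		got, err := resolveRedirectStrict("web-app", c)
		fmt.Printf("%-48s -> %q err=%v\n", c, got, err)
	}
	fmt.Println("weak fallback:", resolveRedirectWeak("", "https://evil.example/steal"))
}
```

The strict resolver returns the registered string rather than the caller's, so a later `302 Location:` header carries only a value the operator configured; anything the request contributed is reduced to a yes/no match decision.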
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The flaw sits in the public login interface of an IAM platform, so exploitation is an attack on a public-facing application (T1190). Because the weakness enables account takeover through redirect URI abuse, a successful attack hands the adversary a working account (Valid Accounts, T1078) and the tokens issued to it (Steal Application Access Token, T1528).
NVD Description
ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via Default URI Redirect. This issue has been patched in version 4.12.0.
Deeper analysis
CVE-2026-29192 is a vulnerability in the login V2 interface of ZITADEL, an open source identity management platform. It affects versions 4.0.0 through 4.11.1 and enables a possible account takeover via Default URI Redirect. NVD classifies it under CWE-79, although the advisory text describes the mechanism as a redirect rather than script injection, so the GHSA should be consulted for the precise vector. The issue carries a CVSS v3.1 base score of 7.7 (AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N): reachable over the network, but with high attack complexity and requiring high privileges.
An attacker who already holds high privileges can exploit this vulnerability over the network without any user interaction. The changed scope (S:C) means the impact extends beyond the vulnerable component itself: successful exploitation has high confidentiality and integrity effects, such as taking over other users' accounts, while availability is unaffected.
The GitHub Security Advisory (GHSA-6rx5-m2rc-hmf7) confirms the vulnerability and states that it has been patched in ZITADEL version 4.12.0. Operators should upgrade to 4.12.0 or later; until then, restricting which accounts hold the high privileges the attack requires limits exposure.
Details
- CWE(s)