PT-2026-24855 · Git+1 · Zitadel

Odgrso · Published 2026-03-11 · Updated 2026-03-16 · CVE-2026-32132

CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
ZITADEL versions prior to 3.4.8
ZITADEL versions prior to 4.12.2

Description
ZITADEL is an open source identity management platform. A potential issue exists in the passkey registration endpoint, which allows registering a new passkey using a previously retrieved code. An improper expiration check of that code could allow an attacker to register their own passkey and gain access to the victim's account. The vulnerable endpoint is the passkey registration endpoint; the vulnerable variable is the code used for passkey registration.

Recommendations
Update to ZITADEL version 3.4.8 or later.
Update to ZITADEL version 4.12.2 or later.
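To illustrate the bug class the description names (a one-time registration code that is matched but whose lifetime is not enforced), here is an added example in Go, not Zitadel's own code: a weak validator beside a hardened one that enforces expiry and single use. The `PasskeyCode` type, the TTL and the sample code value are constructed for the example.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"time"
)

// PasskeyCode is a hypothetical record for a one-time passkey registration
// code (illustrative, not Zitadel's own type).
type PasskeyCode struct {
	Code     string
	IssuedAt time.Time
	TTL      time.Duration
	Consumed bool
}

var (
	ErrUnknownCode = errors.New("unknown or mismatched code")
	ErrExpiredCode = errors.New("code expired")
	ErrUsedCode    = errors.New("code already consumed")
)

// validateWeak has the bug class the advisory describes: the presented
// code is matched, but its lifetime is never enforced, so a stale code
// is still accepted.
func validateWeak(stored *PasskeyCode, presented string) error {
	if subtle.ConstantTimeCompare([]byte(stored.Code), []byte(presented)) != 1 {
		return ErrUnknownCode
	}
	return nil
}

// validateStrict is the hardened form: match the code, reject it once
// IssuedAt+TTL has passed or it was already used, then consume it so a
// replay of the same code fails. The caller passes the current time.
func validateStrict(stored *PasskeyCode, presented string, now time.Time) error {
	if subtle.ConstantTimeCompare([]byte(stored.Code), []byte(presented)) != 1 {
		return ErrUnknownCode
	}
	if stored.Consumed {
		return ErrUsedCode
	}
	if !now.Before(stored.IssuedAt.Add(stored.TTL)) {
		return ErrExpiredCode
	}
	stored.Consumed = true
	return nil
}
```

The expiry check compares against the issuance time stored with the code, not against a value the client supplies, which is what keeps the check meaningful.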

Exploit

Fix

Weakness Enumeration

Insufficient Session Expiration

Related identifiers

CVE-2026-32132
GHSA-2X66-R53R-9R86

Affected products

Zitadel