PT-2026-3095 · Zitadel · Zitadel

Iam-Marco · Published 2026-01-14 · Updated 2026-01-26 · CVE-2026-23511

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
ZITADEL versions prior to 4.9.1
ZITADEL versions prior to 3.4.6

Description
ZITADEL is an open source identity management platform. The login interfaces of affected versions respond differently depending on whether the submitted username or userID belongs to an existing account, so an unauthenticated attacker can tell valid accounts from invalid ones. By iterating through candidate usernames and userIDs, the attacker can enumerate valid user accounts. The impact is limited to confidentiality (C:L in the vector above); integrity and availability are not affected.

Recommendations
Update ZITADEL to version 4.9.1 or later (4.x branch).
Update ZITADEL to version 3.4.6 or later (3.x branch).
Both supported branches received a fix; choose the patched release for the branch already deployed.
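To make the class of flaw concrete, the following Go program contrasts a login handler that leaks account existence with one that does not. It is an added illustration, not ZITADEL's code: the in-memory user store, the SHA-256 password hashing (a real system uses a slow, salted hash), the response messages and the function names are all assumptions chosen for the example. The `leaksExistence` probe models what the attacker does in the advisory, submitting a wrong credential for a known and an unknown username and comparing the responses.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
)

// Constructed sample user store (not ZITADEL's data model): username -> SHA-256 of password.
// SHA-256 keeps the example dependency-free; a real deployment uses a slow, salted hash.
var users = map[string][32]byte{
	"alice": sha256.Sum256([]byte("correct horse battery staple")),
}

// dummyHash is compared against when the user does not exist, so the unknown-user
// path does the same amount of work as the known-user path.
var dummyHash = sha256.Sum256([]byte("dummy-value-never-a-real-password"))

// loginResult is what the client can observe: status code and body.
type loginResult struct {
	Status int
	Body   string
}

// vulnerableLogin shows the enumeration oracle: the status code and message differ
// depending on whether the username exists, before the password is even checked.
// The same pattern applies to lookups by userID instead of username.
func vulnerableLogin(username, password string) loginResult {
	stored, ok := users[username]
	if !ok {
		return loginResult{http.StatusNotFound, "user not found"}
	}
	candidate := sha256.Sum256([]byte(password))
	if subtle.ConstantTimeCompare(stored[:], candidate[:]) != 1 {
		return loginResult{http.StatusUnauthorized, "wrong password"}
	}
	return loginResult{http.StatusOK, "ok"}
}

// hardenedLogin returns one indistinguishable response for "no such user" and
// "wrong password", and performs the hash comparison on both paths so that the
// response time does not reveal which branch was taken either.
func hardenedLogin(username, password string) loginResult {
	stored, ok := users[username]
	if !ok {
		stored = dummyHash
	}
	candidate := sha256.Sum256([]byte(password))
	match := subtle.ConstantTimeCompare(stored[:], candidate[:]) == 1
	// Matching the dummy hash for a non-existent user must never count as success.
	if ok && match {
		return loginResult{http.StatusOK, "ok"}
	}
	return loginResult{http.StatusUnauthorized, "invalid username or password"}
}

// leaksExistence models the attacker's probe from the advisory: with a wrong password,
// do the responses for a known and an unknown username differ? True means the
// endpoint can be used to enumerate accounts.
func leaksExistence(login func(string, string) loginResult, known, unknown string) bool {
	a := login(known, "not-the-password")
	b := login(unknown, "not-the-password")
	return a != b
}

func main() {
	fmt.Println("vulnerable handler leaks existence:", leaksExistence(vulnerableLogin, "alice", "mallory"))
	fmt.Println("hardened handler leaks existence:  ", leaksExistence(hardenedLogin, "alice", "mallory"))
}
```

When reviewing a fix for an issue like this, the probe above is the check to run against every interface that takes a username, loginname or userID (login forms, password reset, account lookup APIs): any difference in status code, body, headers or response time between a known and an unknown identifier is still an oracle, even if the login form itself has been fixed.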

Exploit

Fix

Side Channel Attack

Weakness Enumeration

Related Identifiers

BDU:2026-00674
CVE-2026-23511
GHSA-PVM5-9FRX-264R
GO-2026-4319
SUSE-SU-2026:0292-1

Affected Products

Zitadel