High severity · NVD Advisory · Published Mar 7, 2026 · Updated Mar 9, 2026
ZITADEL: Bypassing Zitadel Login Behavior and Security Policy in Login V2
CVE-2026-29193
Description
ZITADEL is an open source identity management platform. From version 4.0.0 to 4.12.0, a vulnerability in Zitadel's login V2 UI allowed users to bypass login behavior and security policies and to self-register new accounts or sign in using a password even if the corresponding options were disabled in their organization. This issue has been patched in version 4.12.1.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/zitadel/zitadel/v2 (Go) | >= 4.0.0, < 4.12.1 | 4.12.1 |
| github.com/zitadel/zitadel (Go) | >= 4.0.0, < 4.12.1 | 4.12.1 |
References
- github.com/advisories/GHSA-25rw-g6ff-fmg8 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-29193 (ghsa, ADVISORY)
- github.com/zitadel/zitadel/releases/tag/v4.12.1 (ghsa, WEB)
- github.com/zitadel/zitadel/security/advisories/GHSA-25rw-g6ff-fmg8 (ghsa, x_refsource_CONFIRM, WEB)