Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-55669

MEDIUM NVD
CVSS Score 4.2
Severity MEDIUM
Published Jul 10, 2026
Vendor unknown

Description

ZITADEL is an open source identity management platform. Prior to 3.4.12 and 4.15.2, ZITADEL's external JWT Identity Provider validates a token's signature and issuer (iss) but not the audience (aud) claim, allowing a validly signed token from a trusted issuer for another relying party to be accepted by ZITADEL. This issue is fixed in versions 3.4.12 and 4.15.2.

References