{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T23:09:13.094","vulnerabilities":[{"cve":{"id":"CVE-2026-29191","sourceIdentifier":"security-advisories@github.com","published":"2026-03-07T15:15:55.557","lastModified":"2026-06-17T10:29:45.100","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ZITADEL is an open source identity management platform. From version 4.0.0 to 4.11.1, a vulnerability in Zitadel's login V2 interface was discovered that allowed a possible account takeover via XSS in the /saml-post endpoint. This issue has been patched in version 4.12.0."},{"lang":"es","value":"ZITADEL es una plataforma de gestión de identidades de código abierto. Desde la versión 4.0.0 hasta la 4.11.1, fue descubierta una vulnerabilidad en la interfaz de inicio de sesión V2 de Zitadel que permitía una posible toma de control de cuenta mediante XSS en el endpoint /saml-post. Este problema ha sido parcheado en la versión 4.12.0."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"zitadel","product":"zitadel","versions":[{"version":">= 4.0.0, < 4.12.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.8}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-09T20:39:52.757099Z","id":"CVE-2026-29191","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.12.0","matchCriteriaId":"45902C32-E4BA-459E-80C0-19CBDA6CD5F4"}]}]}],"references":[{"url":"https://github.com/zitadel/zitadel/security/advisories/GHSA-pr34-2v5x-6qjq","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}}]}