{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T07:26:31.892","vulnerabilities":[{"cve":{"id":"CVE-2026-32131","sourceIdentifier":"security-advisories@github.com","published":"2026-03-11T22:16:32.957","lastModified":"2026-03-16T16:52:22.903","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token (e.g., project.read, project.grant.read, or project.app.read) to retrieve management-plane information belonging to other organizations by specifying a different tenant’s project_id, grant_id, or app_id. This vulnerability is fixed in 3.4.8 and 4.12.2."},{"lang":"es","value":"ZITADEL es una plataforma de gestión de identidades de código abierto. Antes de las versiones 3.4.8 y 4.12.2, se ha reportado una vulnerabilidad en la API de Gestión de Zitadel, que permitía a usuarios autenticados con un token válido de bajo privilegio (por ejemplo, project.read, project.grant.read o project.app.read) recuperar información del plano de gestión perteneciente a otras organizaciones especificando el project_id, grant_id o app_id de un inquilino diferente. \nEsta vulnerabilidad está corregida en las versiones 3.4.8 y 4.12.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-639"},{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*","versionEndExcluding":"3.4.8","matchCriteriaId":"D10CA4D8-E0F2-4E5B-96D6-8A07147E3BCD"},{"vulnerable":true,"criteria":"cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.12.2","matchCriteriaId":"22086237-3579-411C-806B-D740008579B0"}]}]}],"references":[{"url":"https://github.com/zitadel/zitadel/releases/tag/v3.4.8","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/zitadel/zitadel/releases/tag/v4.12.2","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/zitadel/zitadel/security/advisories/GHSA-wr6r-59xg-4pj2","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}