{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T15:31:18.103","vulnerabilities":[{"cve":{"id":"CVE-2026-32132","sourceIdentifier":"security-advisories@github.com","published":"2026-03-11T22:16:33.120","lastModified":"2026-03-16T16:52:31.660","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Zitadel's passkey registration endpoints. This endpoint allows registering a new passkey using a previously retrieved code. An improper expiration check of the code, could allow an attacker to potentially register their own passkey and gain access to the victim's account. This vulnerability is fixed in 3.4.8 and 4.12.2."},{"lang":"es","value":"ZITADEL es una plataforma de gestión de identidad de código abierto. Antes de las 3.4.8 y 4.12.2, existe una posible vulnerabilidad en los puntos finales de registro de passkey de Zitadel. Este punto final permite registrar una nueva passkey utilizando un código recuperado previamente. Una comprobación de caducidad incorrecta del código podría permitir a un atacante registrar potencialmente su propia passkey y obtener acceso a la cuenta de la víctima. Esta vulnerabilidad está corregida en las 3.4.8 y 4.12.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*","versionEndExcluding":"3.4.8","matchCriteriaId":"D10CA4D8-E0F2-4E5B-96D6-8A07147E3BCD"},{"vulnerable":true,"criteria":"cpe:2.3:a:zitadel:zitadel:*:-:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.12.2","matchCriteriaId":"21EAC256-F692-4F79-BF00-FED9934BAA7A"}]}]}],"references":[{"url":"https://github.com/zitadel/zitadel/releases/tag/v3.4.8","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/zitadel/zitadel/releases/tag/v4.12.2","source":"security-advisories@github.com","tags":["Product"]},{"url":"https://github.com/zitadel/zitadel/security/advisories/GHSA-2x66-r53r-9r86","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}