9.3

ZITADEL: Password reset links can be manipulated by attackers

CVE-2026-29067 GHSA-pfrf-9r5f-73f5
Summary

ZITADEL's password reset feature in versions 4.0.0-rc.1 through 4.7.0 is affected. An attacker could potentially manipulate the host used in the password reset link that is emailed to users, so the secret code in that link could be disclosed to a host they control. Update to version 4.7.1 to fix the issue.

What to do
  • Update github.com zitadel to version 1.80.0-v2.20.0.20251208091519-4c879b47334e.
  • Update github.com zitadel to version 4.7.1.
  • Update zitadel github.com/zitadel/zitadel to version 1.80.0-v2.20.0.20251208091519-4c879b47334e.
  • Update zitadel github.com/zitadel/zitadel to version 4.7.1.
  • Update zitadel github.com/zitadel/zitadel/v2 to version 1.80.0-v2.20.0.20251208091519-4c879b47334e.
Affected software
Vendor     | Product                        | Affected versions                                          | Fix available
github.com | zitadel                        | <= 1.80.0-v2.20.0.20251208091519-4c879b47334e              | 1.80.0-v2.20.0.20251208091519-4c879b47334e
github.com | zitadel                        | > 1.83.4, <= 1.87.5                                        |
github.com | zitadel                        | > 4.0.0-rc.1, <= 4.7.1                                     | 4.7.1
github.com | zitadel                        | <= 1.80.0-v2.20.0.20251208091519-4c879b47334e              | 1.80.0-v2.20.0.20251208091519-4c879b47334e
zitadel    | github.com/zitadel/zitadel     | > 1.83.4, <= 1.80.0-v2.20.0.20251208091519-4c879b47334e    | 1.80.0-v2.20.0.20251208091519-4c879b47334e
zitadel    | github.com/zitadel/zitadel     | <= 1.80.0-v2.20.0.20251208091519-4c879b47334e              | 1.80.0-v2.20.0.20251208091519-4c879b47334e
zitadel    | github.com/zitadel/zitadel     | > 1.83.4, <= 1.87.5                                        |
zitadel    | github.com/zitadel/zitadel     | > 4.0.0-rc.1, <= 4.7.1                                     | 4.7.1
zitadel    | github.com/zitadel/zitadel/v2  | <= 1.80.0-v2.20.0.20251208091519-4c879b47334e              | 1.80.0-v2.20.0.20251208091519-4c879b47334e
zitadel    | zitadel                        | > 4.0.0, <= 4.7.1                                          |
Original title
ZITADEL is an open source identity management platform. From version 4.0.0-rc.1 to 4.7.0, a potential vulnerability exists in ZITADEL's password reset mechanism in login V2. ZITADEL utilizes the Fo...
Original description
ZITADEL is an open source identity management platform. From version 4.0.0-rc.1 to 4.7.0, a potential vulnerability exists in ZITADEL's password reset mechanism in login V2. ZITADEL utilizes the Forwarded or X-Forwarded-Host header from incoming requests to construct the URL for the password reset confirmation link. This link, containing a secret code, is then emailed to the user. This issue has been patched in version 4.7.1.
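As an added illustration (not ZITADEL's code and not the project's actual fix), the Go snippet below contrasts a reset-link builder that takes its host from the X-Forwarded-Host header with one that accepts a forwarded host only when it matches an operator-configured allowlist; function names and the allowlist are hypothetical.

```go
package main

import (
	"errors"
	"net"
	"net/http"
	"net/url"
	"strings"
)

// ErrUntrustedHost is returned when the request's host is not an allowlisted domain.
var ErrUntrustedHost = errors.New("reset link host is not an allowlisted domain")

// requestHost returns the first X-Forwarded-Host value, falling back to Host.
func requestHost(r *http.Request) string {
	host := r.Header.Get("X-Forwarded-Host")
	if host == "" {
		host = r.Host
	}
	if i := strings.IndexByte(host, ','); i >= 0 {
		host = host[:i]
	}
	return strings.TrimSpace(host)
}

// buildResetLinkNaive shows the bug class from the advisory: the emailed link's
// host comes from a client-controlled header, so whoever sets that header
// decides where the secret code is delivered when the user clicks the link.
func buildResetLinkNaive(r *http.Request, code string) string {
	return "https://" + requestHost(r) + "/password/reset?code=" + url.QueryEscape(code)
}

// buildResetLinkSafe accepts the forwarded host only if it matches an
// operator-configured allowlist (case-insensitive, port ignored); any other
// host is rejected rather than embedded in the emailed link.
func buildResetLinkSafe(r *http.Request, code string, trusted map[string]bool) (string, error) {
	host := strings.ToLower(requestHost(r))
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h
	}
	if !trusted[host] {
		return "", ErrUntrustedHost
	}
	return "https://" + host + "/password/reset?code=" + url.QueryEscape(code), nil
}
```

The same check belongs on any other header a proxy may rewrite (Forwarded, X-Forwarded-Proto), and the simplest deployment uses a single configured external domain instead of trusting headers at all.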
NVD CVSS 3.1: 8.1
Vulnerability type
CWE-601 Open Redirect
Published: 7 Mar 2026 · Updated: 13 Mar 2026 · First seen: 7 Mar 2026