
Zitadel Passkey Registration: Unauthorized Account Access Possible

CVE-2026-32132
Summary

Zitadel's passkey registration endpoints do not properly check the expiration of the code used to register a new passkey. An attacker could potentially use this to register their own passkey and take control of a user's account, leading to unauthorized access to sensitive information. Update to version 3.4.8 or 4.12.2 to fix this issue.

Original description
ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Zitadel's passkey registration endpoints. This endpoint allows registering a new passkey using a previously retrieved code. An improper expiration check of the code could allow an attacker to potentially register their own passkey and gain access to the victim's account. This vulnerability is fixed in 3.4.8 and 4.12.2.
NVD CVSS 3.1: 7.4
Vulnerability type
CWE-613
Published: 11 Mar 2026 · Updated: 14 Mar 2026 · First seen: 11 Mar 2026