Description

ZITADEL is an open source identity management platform. Prior to 4.9.1 and 3.4.6, a user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can exploit this flaw to confirm the existence of valid user accounts by iterating through usernames and userIDs. This vulnerability is fixed in 4.9.1 and 3.4.6.

INFO

Published Date :

2026-01-15T19:09:06.154Z

Last Modified :

2026-01-15T19:56:24.164Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-23511 vulnerability.

Vendors Products
Zitadel
  • Zitadel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-23511.

URL Resource
https://github.com/zitadel/zitadel/commit/b85ab69e4679b0268e2b0e9b4cd04e934af10dd2 cve-icon cve-icon
https://github.com/zitadel/zitadel/commit/c300d4cc6a2775ab17ddfe76492f24170f8b858d cve-icon cve-icon
https://github.com/zitadel/zitadel/releases/tag/v3.4.6 cve-icon cve-icon
https://github.com/zitadel/zitadel/releases/tag/v4.9.1 cve-icon cve-icon
https://github.com/zitadel/zitadel/security/advisories/GHSA-pvm5-9frx-264r cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact