CVE-2026-55672
HIGH SEVERITY
CVSS Score & Metrics
Base Score
7.4 / 10
Vulnerability Description
ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation)
Vulnerability Details
Published Date
Last Modified
Source
GitHub
Vendor
go
Product
github.com/zitadel/zitadel
External References
- https://github.com/zitadel/zitadel/security/advisories/GHSA-xqxv-4jc2-x56x
- https://github.com/zitadel/zitadel/commit/0973b074b48816757c47fe732b06d2488d3d284c
- https://github.com/zitadel/zitadel/releases/tag/v3.4.12
- https://github.com/zitadel/zitadel/releases/tag/v4.15.2
- https://github.com/advisories/GHSA-xqxv-4jc2-x56x