CVE-2026-32132

EPSS 0.4%
Veröffentlicht 11.03.2026 21:40:07
Zuletzt bearbeitet 16.03.2026 16:52:31
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

ZITADEL: Reactivation of Expired Passkey Registration Codes

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Zitadel's passkey registration endpoints. This endpoint allows registering a new passkey using a previously retrieved code. An improper expiration check of the code, could allow an attacker to potentially register their own passkey and gain access to the victim's account. This vulnerability is fixed in 3.4.8 and 4.12.2.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zitadel ≫ Zitadel Version < 3.4.8

Zitadel ≫ Zitadel Update- Version >= 4.0.0 < 4.12.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.4%	0.315

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-613 Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

https://github.com/zitadel/zitadel/releases/tag/v3.4.8

Product

https://github.com/zitadel/zitadel/releases/tag/v4.12.2

Product

https://github.com/zitadel/zitadel/security/advisories/GHSA-2x66-r53r-9r86

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-32132

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-32132

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-32132

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-32132