CVE-2026-32131 | Zitadel up to 3.4.7/4.12.1 Organization project.app.read project_id/grant_id/app_id authorization (GHSA-wr6r-59xg-4pj2)

Inserito da Angelo Barbosa | Mar 12, 2026 | CVE

A vulnerability described as problematic has been identified in Zitadel up to 3.4.7/4.12.1. This vulnerability affects the function project.app.read of the component Organization Handler. The manipulation of the argument project_id/grant_id/app_id results in authorization bypass.

This vulnerability was named CVE-2026-32131. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is recommended.

CVE-2026-32131 | Zitadel up to 3.4.7/4.12.1 Organization project.app.read project_id/grant_id/app_id authorization (GHSA-wr6r-59xg-4pj2)

Post correlati

CVE-2025-12559 | Mattermost up to 10.5.12/10.11.4/10.12.1/11.0.2 Email Address common_teams information disclosure

CVE-2025-25206 | eLabFTW up to 5.1.14 Setting sql injection (GHSA-qffc-rfjh-77gg)

CVE-2024-25145 | Liferay Portal/DXP Search Result App cross site scripting

CVE-2025-66837 | Aris 10.0.23.0.3587512 PDF File unrestricted upload