CVE-2026-32131 | Zitadel up to 3.4.7/4.12.1 Organization project.app.read project_id/grant_id/app_id authorization (GHSA-wr6r-59xg-4pj2)

Inserito da Angelo Barbosa | Mar 12, 2026 | CVE

A vulnerability described as problematic has been identified in Zitadel up to 3.4.7/4.12.1. This vulnerability affects the function project.app.read of the component Organization Handler. The manipulation of the argument project_id/grant_id/app_id results in authorization bypass.

This vulnerability was named CVE-2026-32131. The attack may be performed from remote. There is no available exploit.

Upgrading the affected component is recommended.

CVE-2026-32131 | Zitadel up to 3.4.7/4.12.1 Organization project.app.read project_id/grant_id/app_id authorization (GHSA-wr6r-59xg-4pj2)

Post correlati

CVE-2025-61844 | Adobe Format Plugins up to 1.1.1 File out-of-bounds (apsb25-114)

CVE-2024-32114 | Apache ActiveMQ up to 6.1.1 Jolokia/REST API missing authentication

CVE-2024-6384 | MongoDB Enterprise Server up to 6.0.15/7.0.10/7.3.2 Hot Backup File improper authorization

CVE-2024-23346 | materialsproject pymatgen prior 2024.2.20 from_transformation_str command injection