CVE-2026-32131
- Source
- https://cve.org/CVERecord?id=CVE-2026-32131
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32131.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-32131
- Aliases
-
- GHSA-wr6r-59xg-4pj2
- Published
- 2026-03-11T21:38:51.942Z
- Modified
- 2026-04-10T05:42:19.539260Z
- Severity
-
- 7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- ZITADEL Cross-Tenant Information Disclosure in Management API
- Details
-
ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token (e.g., project.read, project.grant.read, or project.app.read) to retrieve management-plane information belonging to other organizations by specifying a different tenant’s projectid, grantid, or app_id. This vulnerability is fixed in 3.4.8 and 4.12.2.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32131.json", "cwe_ids": [ "CWE-639", "CWE-862" ], "cna_assigner": "GitHub_M" }- References
-
- https://github.com/zitadel/zitadel/releases/tag/v3.4.8
- https://github.com/zitadel/zitadel/releases/tag/v4.12.2
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32131.json
- https://github.com/zitadel/zitadel/security/advisories/GHSA-wr6r-59xg-4pj2
- https://nvd.nist.gov/vuln/detail/CVE-2026-32131
Affected packages
Git / github.com/zitadel/zitadel
Affected ranges
Affected versions
2.*
2.20.0
Other
cnsl-feature-dev
feat-new-mail-templates-dev
v1-events-queries-dev
v0.*
v0.0.0
v0.1.0
v0.10.0
v0.11.0
v0.119.0
v0.119.1
v0.119.2
v0.119.3
v0.119.4
v0.119.5
v0.119.6
v0.12.0
v0.120.0
v0.120.1
v0.121.0
v0.121.1
v0.121.2
v0.122.0
v0.122.1
v0.122.2
v0.122.3
v0.122.4
v0.122.5
v0.123.0
v0.123.1
v0.123.2
v0.123.3
v0.123.4
v0.123.5
v0.124.0
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.17.1
v0.18.0
v0.18.1
v0.18.2
v0.18.3
v0.19.0
v0.2.0
v0.20.0
v0.20.1
v0.20.2
v0.21.0
v0.22.0
v0.22.1
v0.22.2
v0.22.3
v0.22.4
v0.22.5
v0.22.6
v0.22.7
v0.23.0
v0.23.1
v0.24.0
v0.24.1
v0.24.2
v0.24.3
v0.25.0
v0.25.1
v0.26.0
v0.27.0
v0.28.0
v0.29.0
v0.29.1
v0.3.0
v0.3.1
v0.30.0
v0.30.1
v0.31.0
v0.31.1
v0.31.2
v0.31.3
v0.32.0
v0.32.1
v0.32.2
v0.33.0
v0.33.1
v0.33.2
v0.33.3
v0.33.4
v0.33.5
v0.34.0
v0.35.0
v0.35.1
v0.35.2
v0.36.0
v0.37.0
v0.38.0
v0.39.0
v0.39.1
v0.4.0
v0.4.1
v0.40.0
v0.40.1
v0.40.2
v0.40.3
v0.40.4
v0.41.0
v0.41.1
v0.42.0
v0.42.1
v0.42.2
v0.42.3
v0.42.4
v0.43.0
v0.43.1
v0.43.2
v0.44.0
v0.44.1
v0.44.2
v0.44.3
v0.45.0
v0.46.0
v0.46.1
v0.47.0
v0.47.1
v0.47.2
v0.47.3
v0.47.4
v0.47.5
v0.48.0
v0.49.0
v0.49.1
v0.5.0
v0.50.0
v0.51.0
v0.51.1
v0.52.0
v0.53.0
v0.53.1
v0.53.2
v0.53.3
v0.53.4
v0.53.5
v0.54.0
v0.54.1
v0.54.2
v0.54.3
v0.54.4
v0.54.5
v0.55.0
v0.55.1
v0.55.10
v0.55.11
v0.55.12
v0.55.13
v0.55.2
v0.55.3
v0.55.4
v0.55.5
v0.55.6
v0.55.7
v0.55.8
v0.55.9
v0.56.0
v0.56.1
v0.57.0
v0.57.1
v0.57.2
v0.58.0
v0.59.0
v0.59.1
v0.6.0
v0.60.0
v0.60.1
v0.61.0
v0.61.1
v0.61.2
v0.61.3
v0.61.4
v0.62.0
v0.63.0
v0.63.1
v0.64.0
v0.64.1
v0.64.2
v0.64.3
v0.64.4
v0.64.5
v0.64.6
v0.64.7
v0.65.0
v0.66.0
v0.66.1
v0.67.0
v0.67.1
v0.67.2
v0.68.0
v0.69.0
v0.69.1
v0.7.0
v0.70.0
v0.70.1
v0.71.0
v0.72.0
v0.73.0
v0.74.0
v0.74.1
v0.74.2
v0.74.3
v0.74.4
v0.75.0
v0.75.1
v0.75.2
v0.75.3
v0.75.4
v0.75.5
v0.76.0
v0.76.1
v0.76.2
v0.76.3
v0.77.0
v0.77.1
v0.77.2
v0.77.3
v0.77.4
v0.77.5
v0.78.0
v0.78.1
v0.78.2
v0.79.0
v0.8.0
v0.80.0
v0.80.1
v0.80.2
v0.81.0
v0.81.1
v0.81.2
v0.81.3
v0.81.4
v0.81.5
v0.81.6
v0.82.0
v0.82.1
v0.82.2
v0.82.3
v0.82.4
v0.83.0
v0.83.1
v0.83.2
v0.83.3
v0.83.4
v0.83.5
v0.83.6
v0.84.0
v0.84.1
v0.84.2
v0.84.3
v0.84.4
v0.85.0
v0.85.1
v0.85.2
v0.85.3
v0.85.4
v0.86.0
v0.86.1
v0.86.2
v0.87.0
v0.87.1
v0.88.0
v0.88.1
v0.88.2
v0.88.3
v0.9.0
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.1.0
v1.10.0
v1.10.1
v1.10.2
v1.10.3
v1.10.4
v1.10.5
v1.11.0
v1.11.1
v1.12.0
v1.12.1
v1.12.2
v1.12.3
v1.12.4
v1.12.5
v1.12.6
v1.12.7
v1.13.0
v1.14.0
v1.14.1
v1.15.0
v1.15.1
v1.16.0
v1.16.1
v1.16.2
v1.16.3
v1.16.4
v1.16.5
v1.16.6
v1.16.7
v1.16.8
v1.17.0
v1.17.1
v1.17.2
v1.17.3
v1.17.4
v1.17.5
v1.17.6
v1.17.7
v1.18.0
v1.18.1
v1.19.0
v1.19.1
v1.19.2
v1.19.3
v1.19.4
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.2.7
v1.20.0
v1.20.1
v1.20.2
v1.20.3
v1.20.4
v1.20.5
v1.21.0
v1.21.1
v1.21.2
v1.21.3
v1.21.4
v1.22.0
v1.22.1
v1.22.10
v1.22.11
v1.22.12
v1.22.13
v1.22.2
v1.22.3
v1.22.4
v1.22.5
v1.22.6
v1.22.7
v1.22.8
v1.22.9
v1.23.0
v1.23.1
v1.23.2
v1.23.3
v1.23.4
v1.23.5
v1.24.0
v1.24.1
v1.24.2
v1.25.0
v1.25.1
v1.26.0
v1.26.1
v1.27.0
v1.27.1
v1.27.2
v1.27.3
v1.27.4
v1.28.0
v1.28.1
v1.28.2
v1.28.3
v1.28.4
v1.29.0
v1.29.1
v1.29.2
v1.29.3
v1.29.4
v1.29.5
v1.29.6
v1.3.0
v1.30.0
v1.30.1
v1.30.2
v1.31.0
v1.31.1
v1.32.0
v1.32.1
v1.32.2
v1.32.3
v1.32.4
v1.32.5
v1.33.0
v1.33.1
v1.34.0
v1.34.1
v1.34.10
v1.34.11
v1.34.2
v1.34.3
v1.34.4
v1.34.5
v1.34.6
v1.34.7
v1.34.8
v1.34.9
v1.35.0
v1.35.1
v1.36.0
v1.37.0
v1.38.0
v1.39.0
v1.39.1
v1.4.0
v1.40.0
v1.41.0
v1.41.1
v1.41.2
v1.41.3
v1.41.4
v1.42.0
v1.42.1
v1.42.2
v1.43.0
v1.43.1
v1.43.2
v1.43.3
v1.43.4
v1.44.0
v1.44.1
v1.44.2
v1.44.3
v1.45.0
v1.45.1
v1.45.2
v1.45.3
v1.45.4
v1.45.5
v1.45.6
v1.46.0
v1.46.1
v1.46.2
v1.46.3
v1.46.4
v1.47.0
v1.47.1
v1.47.2
v1.47.3
v1.47.4
v1.47.5
v1.47.6
v1.48.0
v1.48.1
v1.48.2
v1.48.3
v1.48.4
v1.48.5
v1.48.6
v1.48.7
v1.48.8
v1.49.0
v1.49.1
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.50.0
v1.50.1
v1.50.2
v1.50.3
v1.50.4
v1.51.0
v1.52.0
v1.52.1
v1.52.2
v1.53.0
v1.53.1
v1.53.2
v1.54.0
v1.54.1
v1.54.10
v1.54.2
v1.54.3
v1.54.4
v1.54.5
v1.54.6
v1.54.7
v1.54.8
v1.54.9
v1.55.0
v1.55.1
v1.55.2
v1.56.0
v1.56.1
v1.56.10
v1.56.11
v1.56.12
v1.56.13
v1.56.14
v1.56.15
v1.56.16
v1.56.17
v1.56.18
v1.56.19
v1.56.2
v1.56.20
v1.56.21
v1.56.22
v1.56.3
v1.56.4
v1.56.5
v1.56.6
v1.56.7
v1.56.8
v1.56.9
v1.57.0
v1.57.1
v1.58.0
v1.59.0
v1.59.1
v1.59.2
v1.59.3
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.60.0
v1.60.1
v1.60.2
v1.60.3
v1.61.0
v1.62.0
v1.62.1
v1.62.2
v1.63.0
v1.64.0
v1.65.0
v1.66.0
v1.66.1
v1.66.2
v1.66.3
v1.66.4
v1.66.5
v1.66.6
v1.66.7
v1.66.8
v1.66.9
v1.67.0
v1.67.1
v1.68.0
v1.68.1
v1.69.0
v1.69.1
v1.69.2
v1.69.3
v1.69.4
v1.69.5
v1.69.6
v1.69.7
v1.69.8
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v1.70.0
v1.70.1
v1.70.2
v1.71.0
v1.71.1
v1.71.2
v1.72.0
v1.72.1
v1.73.0
v1.73.1
v1.73.2
v1.73.3
v1.73.4
v1.74.0
v1.75.0
v1.75.1
v1.75.2
v1.75.3
v1.75.4
v1.75.5
v1.75.6
v1.75.7
v1.75.8
v1.76.0
v1.76.1
v1.76.2
v1.77.0
v1.77.1
v1.77.2
v1.78.0
v1.79.0
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.80.0-v2.1
v1.80.0-v2.10
v1.80.0-v2.11
v1.80.0-v2.12
v1.80.0-v2.13
v1.80.0-v2.14
v1.80.0-v2.15
v1.80.0-v2.16
v1.80.0-v2.17
v1.80.0-v2.18
v1.80.0-v2.19
v1.80.0-v2.2
v1.80.0-v2.20
v1.80.0-v2.3
v1.80.0-v2.4
v1.80.0-v2.5
v1.80.0-v2.6
v1.80.0-v2.7
v1.80.0-v2.8
v1.80.0-v2.9
v1.9.0
v1.9.1
v1.9.2
v2.*
v2.0.0
v2.0.0-v2-alpha.1
v2.0.0-v2-alpha.10
v2.0.0-v2-alpha.11
v2.0.0-v2-alpha.12
v2.0.0-v2-alpha.13
v2.0.0-v2-alpha.14
v2.0.0-v2-alpha.15
v2.0.0-v2-alpha.16
v2.0.0-v2-alpha.17
v2.0.0-v2-alpha.18
v2.0.0-v2-alpha.19
v2.0.0-v2-alpha.2
v2.0.0-v2-alpha.20
v2.0.0-v2-alpha.21
v2.0.0-v2-alpha.22
v2.0.0-v2-alpha.23
v2.0.0-v2-alpha.24
v2.0.0-v2-alpha.25
v2.0.0-v2-alpha.26
v2.0.0-v2-alpha.27
v2.0.0-v2-alpha.28
v2.0.0-v2-alpha.29
v2.0.0-v2-alpha.3
v2.0.0-v2-alpha.30
v2.0.0-v2-alpha.31
v2.0.0-v2-alpha.32
v2.0.0-v2-alpha.33
v2.0.0-v2-alpha.34
v2.0.0-v2-alpha.35
v2.0.0-v2-alpha.36
v2.0.0-v2-alpha.37
v2.0.0-v2-alpha.38
v2.0.0-v2-alpha.39
v2.0.0-v2-alpha.4
v2.0.0-v2-alpha.40
v2.0.0-v2-alpha.41
v2.0.0-v2-alpha.42
v2.0.0-v2-alpha.43
v2.0.0-v2-alpha.44
v2.0.0-v2-alpha.5
v2.0.0-v2-alpha.6
v2.0.0-v2-alpha.7
v2.0.0-v2-alpha.8
v2.0.0-v2-alpha.9
v2.0.1
v2.1.0
v2.1.1
v2.10.0
v2.11.0
v2.11.1
v2.12.0
v2.13.0
v2.13.1
v2.14.0
v2.14.1
v2.14.2
v2.14.3
v2.14.4
v2.14.5
v2.15.0
v2.16.0
v2.16.1
v2.17.0
v2.17.1
v2.18.0
v2.19.0
v2.2.0
v2.20.0
v2.21.0
v2.22.0
v2.22.1
v2.22.2
v2.23.0
v2.23.1
v2.24.0
v2.25.0
v2.25.1
v2.25.2
v2.25.3
v2.26.0
v2.26.1
v2.26.2
v2.27.0
v2.27.1
v2.28.0
v2.28.1
v2.29.0
v2.29.1
v2.29.2
v2.29.3
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.30.0
v2.31.0
v2.31.1
v2.31.2
v2.31.3
v2.31.4
v2.31.5
v2.32.0
v2.33.0
v2.33.1
v2.34.0
v2.34.1
v2.35.0
v2.35.1
v2.36.0
v2.36.1
v2.36.2
v2.36.3
v2.37.0
v2.37.1
v2.37.2
v2.37.3
v2.38.0
v2.38.1
v2.39.0
v2.39.1
v2.39.2
v2.39.3
v2.4.0
v2.40.0
v2.40.1
v2.40.2
v2.40.3
v2.40.4
v2.40.5
v2.41.0
v2.41.1
v2.41.2
v2.41.3
v2.41.4
v2.41.5
v2.42.0
v2.42.1
v2.42.2
v2.42.3
v2.43.0
v2.43.1
v2.43.2
v2.43.3
v2.43.4
v2.43.5
v2.44.0
v2.44.1
v2.44.2
v2.45.0
v2.46.0
v2.47.0
v2.47.1
v2.47.2
v2.47.3
v2.47.4
v2.47.5
v2.47.6
v2.48.0
v2.48.1
v2.48.2
v2.48.3
v2.49.0
v2.49.1
v2.49.2
v2.49.3
v2.5.0
v2.5.1
v2.50.0
v2.50.1
v2.50.2
v2.50.3
v2.50.4
v2.50.5
v2.51.0
v2.51.1
v2.51.2
v2.51.3
v2.51.4
v2.52.0
v2.52.1
v2.53.0
v2.53.1
v2.53.2
v2.54.0
v2.54.1
v2.54.2
v2.54.3
v2.55.0
v2.55.1
v2.55.2
v2.56.0
v2.56.1
v2.57.0
v2.58.0
v2.58.1
v2.58.2
v2.58.3
v2.59.0
v2.59.1
v2.6.0
v2.60.0
v2.61.0
v2.62.0
v2.62.1
v2.62.2
v2.62.3
v2.63.0
v2.63.1
v2.63.2
v2.63.3
v2.63.4
v2.64.0
v2.64.1
v2.65.0
v2.65.1
v2.65.2
v2.65.3
v2.65.4
v2.66.0
v2.66.1
v2.66.2
v2.66.3
v2.67.0
v2.67.1
v2.67.2
v2.67.3
v2.67.4
v2.68.0
v2.68.1
v2.69.0
v2.69.1
v2.69.2
v2.69.3
v2.7.0
v2.70.0
v2.70.1
v2.71.0
v2.71.1
v2.71.2
v2.71.3
v2.71.4
v2.71.5
v2.71.6
v2.71.7
v2.71.8
v2.8.0
v2.8.1
v2.8.2
v2.9.0
v2.9.1
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.1.0
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.3.0
v3.3.1
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.4.0
v3.4.1
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v4.*
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.1.0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.10.0
v4.10.1
v4.11.0
v4.11.1
v4.12.0
v4.12.1
v4.2.0
v4.2.1
v4.2.2
v4.3.0
v4.3.1
v4.3.2
v4.3.3
v4.4.0
v4.5.0
v4.6.0
v4.6.1
v4.6.2
v4.6.3
v4.6.4
v4.6.5
v4.6.6
v4.7.0
v4.7.1
v4.7.2
v4.7.3
v4.7.4
v4.7.5
v4.7.6
v4.8.0
v4.8.1
v4.9.0
v4.9.1
v4.9.2