ZITADEL: Missing client_id binding in OIDC authorization code exchange and refresh token flows (RFC 6749 Section 4.1.3 violation) in github.com/zitadel/zitadel
{ "url": "https://pkg.go.dev/vuln/GO-2026-5768", "review_status": "UNREVIEWED" }
"https://vuln.go.dev/ID/GO-2026-5768.json"