CVE-2026-27945
EPSS 0.05%ZITADEL has potential SSRF via Actions in github.com/zitadel/zitadel
Published: 2/27/2026Modified: 4/16/2026
Description
ZITADEL has potential SSRF via Actions in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. (If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.) The additional affected modules and versions are: github.com/zitadel/zitadel from v2.59.0 before v4.11.1.
Affected packages (2)
- Go/github.com/zitadel/zitadelfrom 0, < 1.80.0-v2.20.0.20260225053328-b2532e966621
- Go/github.com/zitadel/zitadel/v2>= 2.59.0, < 4.11.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
References (5)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-27945
- PATCHhttps://github.com/zitadel/zitadel
- WEBhttps://github.com/zitadel/zitadel/commit/b2532e9666215bef04855d138ca716045bb74a06
- WEBhttps://github.com/zitadel/zitadel/releases/tag/v4.11.1
- WEBhttps://github.com/zitadel/zitadel/security/advisories/GHSA-7777-fhq9-592v