{ "document": { "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this portal to enhance access to its information and vulnerabilities. The use of this information is subject to the following terms and conditions:\n\nThe vulnerabilities disclosed in this portal are gathered by NCSC-NL from a variety of open sources, which the user can retrieve from other platforms. NCSC-NL makes every reasonable effort to ensure that the content of this portal is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or real-time keeping up-to-date. NCSC-NL does not control nor guarantee the accuracy, relevance, timeliness or completeness of information obtained from these external sources. The vulnerabilities disclosed in this portal are intended solely for the convenience of professional parties to take appropriate measures to manage the risks posed to the cybersecurity. No rights can be derived from the information provided therein.\n\nNCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of the vulnerabilities disclosed in this portal. This includes damage resulting from the inaccuracy of incompleteness of the information contained in it.\nThe information on this page is subject to Dutch law. All disputes related to or arising from the use of this portal regarding the disclosure of vulnerabilities will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "National Cyber Security Centre", "namespace": "https://www.ncsc.nl/" }, "title": "CVE-2026-27945", "tracking": { "current_release_date": "2026-03-29T18:48:27.440065Z", "generator": { "date": "2026-02-17T15:00:00Z", "engine": { "name": "V.E.L.M.A", "version": "1.7" } }, "id": "CVE-2026-27945", "initial_release_date": "2026-02-26T01:25:10.644299Z", "revision_history": [ { "date": "2026-02-26T01:25:10.644299Z", "number": "1", "summary": "CVE created.| Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (3).| CWES updated (1)." }, { "date": "2026-02-26T01:25:21.187670Z", "number": "2", "summary": "NCSC Score created." }, { "date": "2026-02-26T01:39:04.297435Z", "number": "3", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products created (1).| References created (3).| CWES updated (1)." }, { "date": "2026-02-26T01:39:15.048455Z", "number": "4", "summary": "NCSC Score updated." }, { "date": "2026-02-26T07:34:45.652602Z", "number": "5", "summary": "NCSC Score updated." }, { "date": "2026-02-26T11:44:29.127203Z", "number": "6", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (105).| Products created (1).| References created (5).| CWES updated (1)." }, { "date": "2026-02-26T11:44:42.505103Z", "number": "7", "summary": "NCSC Score updated." }, { "date": "2026-02-26T14:13:22.866119Z", "number": "8", "summary": "Source created.| CVE status created. (valid)| EPSS created." }, { "date": "2026-02-26T14:13:24.705147Z", "number": "9", "summary": "NCSC Score updated." }, { "date": "2026-02-26T17:43:03.042513Z", "number": "10", "summary": "Unknown change." }, { "date": "2026-02-27T21:39:42.021117Z", "number": "11", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (5).| CWES updated (1)." }, { "date": "2026-02-27T21:39:53.552732Z", "number": "12", "summary": "NCSC Score updated." }, { "date": "2026-02-28T06:12:57.872953Z", "number": "13", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (1).| Products created (1).| References created (4).| CWES updated (1)." }, { "date": "2026-03-02T17:00:28.067346Z", "number": "14", "summary": "Products connected (973).| Products removed (1)." }, { "date": "2026-03-02T17:01:40.175823Z", "number": "15", "summary": "NCSC Score updated." }, { "date": "2026-03-03T15:35:25.126360Z", "number": "16", "summary": "Products connected (1).| Products removed (973)." }, { "date": "2026-03-03T15:35:37.961566Z", "number": "17", "summary": "NCSC Score updated." }, { "date": "2026-03-05T16:25:21.213177Z", "number": "18", "summary": "CVSS created.| Products created (1).| Product Identifiers created (2).| Products connected (1)." }, { "date": "2026-03-05T16:25:30.206579Z", "number": "19", "summary": "NCSC Score updated." }, { "date": "2026-03-20T09:39:23.686620Z", "number": "20", "summary": "Source connected.| CVE status created. (valid)| EPSS created." }, { "date": "2026-03-20T09:39:26.633549Z", "number": "21", "summary": "NCSC Score updated." }, { "date": "2026-03-25T18:15:26.042365Z", "number": "22", "summary": "Source created.| CVE status created. (valid)| Description created for source.| References created (4)." }, { "date": "2026-03-29T18:48:16.807270Z", "number": "23", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products created (2).| References created (6).| CWES updated (1)." }, { "date": "2026-03-29T18:48:25.123596Z", "number": "24", "summary": "NCSC Score updated." } ], "status": "interim", "version": "24" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/>=0|<1.80.0-v2.20.0.20260225053328-b2532e966621", "product": { "name": "vers:unknown/>=0|<1.80.0-v2.20.0.20260225053328-b2532e966621", "product_id": "CSAFPID-5737648" } }, { "category": "product_version_range", "name": "vers:unknown/>=2.59.0|<4.11.1", "product": { "name": "vers:unknown/>=2.59.0|<4.11.1", "product_id": "CSAFPID-5723443" } }, { "category": "product_version_range", "name": "vers:unknown/>=2.59.0|<=3.4.6", "product": { "name": "vers:unknown/>=2.59.0|<=3.4.6", "product_id": "CSAFPID-5762364", "product_identification_helper": { "cpe": "cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:unknown/>=4.0.0|<4.11.1", "product": { "name": "vers:unknown/>=4.0.0|<4.11.1", "product_id": "CSAFPID-5737643", "product_identification_helper": { "cpe": "cpe:2.3:a:zitadel:zitadel:*:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:unknown/v2.59.0", "product": { "name": "vers:unknown/v2.59.0", "product_id": "CSAFPID-3726060" } }, { "category": "product_version_range", "name": "vers:unknown/v2.59.1", "product": { "name": "vers:unknown/v2.59.1", "product_id": "CSAFPID-3726061" } }, { "category": "product_version_range", "name": "vers:unknown/v2.60.0", "product": { "name": "vers:unknown/v2.60.0", "product_id": "CSAFPID-3726062" } }, { "category": "product_version_range", "name": "vers:unknown/v2.61.0", "product": { "name": "vers:unknown/v2.61.0", "product_id": "CSAFPID-3726063" } }, { "category": "product_version_range", "name": "vers:unknown/v2.62.0", "product": { "name": "vers:unknown/v2.62.0", "product_id": "CSAFPID-3726064" } }, { "category": "product_version_range", "name": "vers:unknown/v2.62.1", "product": { "name": "vers:unknown/v2.62.1", "product_id": "CSAFPID-3726065" } }, { "category": "product_version_range", "name": "vers:unknown/v2.62.2", "product": { "name": "vers:unknown/v2.62.2", "product_id": "CSAFPID-3726066" } }, { "category": "product_version_range", "name": "vers:unknown/v2.62.3", "product": { "name": "vers:unknown/v2.62.3", "product_id": "CSAFPID-3726067" } }, { "category": "product_version_range", "name": "vers:unknown/v2.63.0", "product": { "name": "vers:unknown/v2.63.0", "product_id": "CSAFPID-3726068" } }, { "category": "product_version_range", "name": "vers:unknown/v2.63.1", "product": { "name": "vers:unknown/v2.63.1", "product_id": "CSAFPID-3726069" } }, { "category": "product_version_range", "name": "vers:unknown/v2.63.2", "product": { "name": "vers:unknown/v2.63.2", "product_id": "CSAFPID-3726070" } }, { "category": "product_version_range", "name": "vers:unknown/v2.63.3", "product": { "name": "vers:unknown/v2.63.3", "product_id": "CSAFPID-3726071" } }, { "category": "product_version_range", "name": "vers:unknown/v2.63.4", "product": { "name": "vers:unknown/v2.63.4", "product_id": "CSAFPID-3726072" } }, { "category": "product_version_range", "name": "vers:unknown/v2.64.0", "product": { "name": "vers:unknown/v2.64.0", "product_id": "CSAFPID-3726073" } }, { "category": "product_version_range", "name": "vers:unknown/v2.64.1", "product": { "name": "vers:unknown/v2.64.1", "product_id": "CSAFPID-3726074" } }, { "category": "product_version_range", "name": "vers:unknown/v2.65.0", "product": { "name": "vers:unknown/v2.65.0", "product_id": "CSAFPID-3726075" } }, { "category": "product_version_range", "name": "vers:unknown/v2.65.1", "product": { "name": "vers:unknown/v2.65.1", "product_id": "CSAFPID-3726076" } }, { "category": "product_version_range", "name": "vers:unknown/v2.65.2", "product": { "name": "vers:unknown/v2.65.2", "product_id": "CSAFPID-3726077" } }, { "category": "product_version_range", "name": "vers:unknown/v2.65.3", "product": { "name": "vers:unknown/v2.65.3", "product_id": "CSAFPID-3726078" } }, { "category": "product_version_range", "name": "vers:unknown/v2.65.4", "product": { "name": "vers:unknown/v2.65.4", "product_id": "CSAFPID-3726079" } }, { "category": "product_version_range", "name": "vers:unknown/v2.66.0", "product": { "name": "vers:unknown/v2.66.0", "product_id": "CSAFPID-3726080" } }, { "category": "product_version_range", "name": "vers:unknown/v2.66.1", "product": { "name": "vers:unknown/v2.66.1", "product_id": "CSAFPID-3726081" } }, { "category": "product_version_range", "name": "vers:unknown/v2.66.2", "product": { "name": "vers:unknown/v2.66.2", "product_id": "CSAFPID-3726082" } }, { "category": "product_version_range", "name": "vers:unknown/v2.66.3", "product": { "name": "vers:unknown/v2.66.3", "product_id": "CSAFPID-3726083" } }, { "category": "product_version_range", "name": "vers:unknown/v2.67.0", "product": { "name": "vers:unknown/v2.67.0", "product_id": "CSAFPID-3726084" } }, { "category": "product_version_range", "name": "vers:unknown/v2.67.1", "product": { "name": "vers:unknown/v2.67.1", "product_id": "CSAFPID-3726085" } }, { "category": "product_version_range", "name": "vers:unknown/v2.67.2", "product": { "name": "vers:unknown/v2.67.2", "product_id": "CSAFPID-3726086" } }, { "category": "product_version_range", "name": "vers:unknown/v2.67.3", "product": { "name": "vers:unknown/v2.67.3", "product_id": "CSAFPID-3726087" } }, { "category": "product_version_range", "name": "vers:unknown/v2.67.4", "product": { "name": "vers:unknown/v2.67.4", "product_id": "CSAFPID-3726088" } }, { "category": "product_version_range", "name": "vers:unknown/v2.68.0", "product": { "name": "vers:unknown/v2.68.0", "product_id": "CSAFPID-3726089" } }, { "category": "product_version_range", "name": "vers:unknown/v2.68.1", "product": { "name": "vers:unknown/v2.68.1", "product_id": "CSAFPID-3726090" } }, { "category": "product_version_range", "name": "vers:unknown/v2.69.0", "product": { "name": "vers:unknown/v2.69.0", "product_id": "CSAFPID-3726091" } }, { "category": "product_version_range", "name": "vers:unknown/v2.69.1", "product": { "name": "vers:unknown/v2.69.1", "product_id": "CSAFPID-3726092" } }, { "category": "product_version_range", "name": "vers:unknown/v2.69.2", "product": { "name": "vers:unknown/v2.69.2", "product_id": "CSAFPID-3726093" } }, { "category": "product_version_range", "name": "vers:unknown/v2.69.3", "product": { "name": "vers:unknown/v2.69.3", "product_id": "CSAFPID-3726094" } }, { "category": "product_version_range", "name": "vers:unknown/v2.70.0", "product": { "name": "vers:unknown/v2.70.0", "product_id": "CSAFPID-3726095" } }, { "category": "product_version_range", "name": "vers:unknown/v2.70.1", "product": { "name": "vers:unknown/v2.70.1", "product_id": "CSAFPID-3726096" } }, { "category": "product_version_range", "name": "vers:unknown/v2.71.0", "product": { "name": "vers:unknown/v2.71.0", "product_id": "CSAFPID-3726097" } }, { "category": "product_version_range", "name": "vers:unknown/v2.71.1", "product": { "name": "vers:unknown/v2.71.1", "product_id": "CSAFPID-3726098" } }, { "category": "product_version_range", "name": "vers:unknown/v2.71.2", "product": { "name": "vers:unknown/v2.71.2", "product_id": "CSAFPID-3726104" } }, { "category": "product_version_range", "name": "vers:unknown/v2.71.3", "product": { "name": "vers:unknown/v2.71.3", "product_id": "CSAFPID-3726105" } }, { "category": "product_version_range", "name": "vers:unknown/v2.71.4", "product": { "name": "vers:unknown/v2.71.4", "product_id": "CSAFPID-3726106" } }, { "category": "product_version_range", "name": "vers:unknown/v2.71.5", "product": { "name": "vers:unknown/v2.71.5", "product_id": "CSAFPID-3726107" } }, { "category": "product_version_range", "name": "vers:unknown/v2.71.6", "product": { "name": "vers:unknown/v2.71.6", "product_id": "CSAFPID-3726108" } }, { "category": "product_version_range", "name": "vers:unknown/v2.71.7", "product": { "name": "vers:unknown/v2.71.7", "product_id": "CSAFPID-3726109" } }, { "category": "product_version_range", "name": "vers:unknown/v2.71.8", "product": { "name": "vers:unknown/v2.71.8", "product_id": "CSAFPID-3726110" } }, { "category": "product_version_range", "name": "vers:unknown/v3.0.0", "product": { "name": "vers:unknown/v3.0.0", "product_id": "CSAFPID-3726112" } }, { "category": "product_version_range", "name": "vers:unknown/v3.0.0-rc.1", "product": { "name": "vers:unknown/v3.0.0-rc.1", "product_id": "CSAFPID-3726113" } }, { "category": "product_version_range", "name": "vers:unknown/v3.0.0-rc.2", "product": { "name": "vers:unknown/v3.0.0-rc.2", "product_id": "CSAFPID-3726114" } }, { "category": "product_version_range", "name": "vers:unknown/v3.0.0-rc.3", "product": { "name": "vers:unknown/v3.0.0-rc.3", "product_id": "CSAFPID-3726115" } }, { "category": "product_version_range", "name": "vers:unknown/v3.0.1", "product": { "name": "vers:unknown/v3.0.1", "product_id": "CSAFPID-3726116" } }, { "category": "product_version_range", "name": "vers:unknown/v3.0.2", "product": { "name": "vers:unknown/v3.0.2", "product_id": "CSAFPID-3726117" } }, { "category": "product_version_range", "name": "vers:unknown/v3.0.3", "product": { "name": "vers:unknown/v3.0.3", "product_id": "CSAFPID-3726118" } }, { "category": "product_version_range", "name": "vers:unknown/v3.0.4", "product": { "name": "vers:unknown/v3.0.4", "product_id": "CSAFPID-3726119" } }, { "category": "product_version_range", "name": "vers:unknown/v3.1.0", "product": { "name": "vers:unknown/v3.1.0", "product_id": "CSAFPID-3726120" } }, { "category": "product_version_range", "name": "vers:unknown/v3.2.0", "product": { "name": "vers:unknown/v3.2.0", "product_id": "CSAFPID-3726121" } }, { "category": "product_version_range", "name": "vers:unknown/v3.2.1", "product": { "name": "vers:unknown/v3.2.1", "product_id": "CSAFPID-3726122" } }, { "category": "product_version_range", "name": "vers:unknown/v3.2.2", "product": { "name": "vers:unknown/v3.2.2", "product_id": "CSAFPID-3726123" } }, { "category": "product_version_range", "name": "vers:unknown/v3.2.3", "product": { "name": "vers:unknown/v3.2.3", "product_id": "CSAFPID-3726124" } }, { "category": "product_version_range", "name": "vers:unknown/v3.3.0", "product": { "name": "vers:unknown/v3.3.0", "product_id": "CSAFPID-3726125" } }, { "category": "product_version_range", "name": "vers:unknown/v3.3.1", "product": { "name": "vers:unknown/v3.3.1", "product_id": "CSAFPID-3726126" } }, { "category": "product_version_range", "name": "vers:unknown/v3.3.2", "product": { "name": "vers:unknown/v3.3.2", "product_id": "CSAFPID-3726127" } }, { "category": "product_version_range", "name": "vers:unknown/v4.0.0", "product": { "name": "vers:unknown/v4.0.0", "product_id": "CSAFPID-3726132" } }, { "category": "product_version_range", "name": "vers:unknown/v4.0.0-rc.1", "product": { "name": "vers:unknown/v4.0.0-rc.1", "product_id": "CSAFPID-3726133" } }, { "category": "product_version_range", "name": "vers:unknown/v4.0.0-rc.2", "product": { "name": "vers:unknown/v4.0.0-rc.2", "product_id": "CSAFPID-3726134" } }, { "category": "product_version_range", "name": "vers:unknown/v4.0.0-rc.3", "product": { "name": "vers:unknown/v4.0.0-rc.3", "product_id": "CSAFPID-3726135" } }, { "category": "product_version_range", "name": "vers:unknown/v4.0.0-rc.4", "product": { "name": "vers:unknown/v4.0.0-rc.4", "product_id": "CSAFPID-3726136" } }, { "category": "product_version_range", "name": "vers:unknown/v4.0.1", "product": { "name": "vers:unknown/v4.0.1", "product_id": "CSAFPID-3726137" } }, { "category": "product_version_range", "name": "vers:unknown/v4.0.2", "product": { "name": "vers:unknown/v4.0.2", "product_id": "CSAFPID-3726138" } }, { "category": "product_version_range", "name": "vers:unknown/v4.0.3", "product": { "name": "vers:unknown/v4.0.3", "product_id": "CSAFPID-5155087" } }, { "category": "product_version_range", "name": "vers:unknown/v4.1.0", "product": { "name": "vers:unknown/v4.1.0", "product_id": "CSAFPID-5155088" } }, { "category": "product_version_range", "name": "vers:unknown/v4.1.1", "product": { "name": "vers:unknown/v4.1.1", "product_id": "CSAFPID-5155089" } }, { "category": "product_version_range", "name": "vers:unknown/v4.1.2", "product": { "name": "vers:unknown/v4.1.2", "product_id": "CSAFPID-5155090" } }, { "category": "product_version_range", "name": "vers:unknown/v4.1.3", "product": { "name": "vers:unknown/v4.1.3", "product_id": "CSAFPID-5155091" } }, { "category": "product_version_range", "name": "vers:unknown/v4.1.4", "product": { "name": "vers:unknown/v4.1.4", "product_id": "CSAFPID-5155092" } }, { "category": "product_version_range", "name": "vers:unknown/v4.10.0", "product": { "name": "vers:unknown/v4.10.0", "product_id": "CSAFPID-5729234" } }, { "category": "product_version_range", "name": "vers:unknown/v4.10.1", "product": { "name": "vers:unknown/v4.10.1", "product_id": "CSAFPID-5729235" } }, { "category": "product_version_range", "name": "vers:unknown/v4.11.0", "product": { "name": "vers:unknown/v4.11.0", "product_id": "CSAFPID-5729238" } }, { "category": "product_version_range", "name": "vers:unknown/v4.2.0", "product": { "name": "vers:unknown/v4.2.0", "product_id": "CSAFPID-5155093" } }, { "category": "product_version_range", "name": "vers:unknown/v4.2.1", "product": { "name": "vers:unknown/v4.2.1", "product_id": "CSAFPID-5155094" } }, { "category": "product_version_range", "name": "vers:unknown/v4.2.2", "product": { "name": "vers:unknown/v4.2.2", "product_id": "CSAFPID-5155095" } }, { "category": "product_version_range", "name": "vers:unknown/v4.3.0", "product": { "name": "vers:unknown/v4.3.0", "product_id": "CSAFPID-5155096" } }, { "category": "product_version_range", "name": "vers:unknown/v4.3.1", "product": { "name": "vers:unknown/v4.3.1", "product_id": "CSAFPID-5155097" } }, { "category": "product_version_range", "name": "vers:unknown/v4.3.2", "product": { "name": "vers:unknown/v4.3.2", "product_id": "CSAFPID-5155098" } }, { "category": "product_version_range", "name": "vers:unknown/v4.3.3", "product": { "name": "vers:unknown/v4.3.3", "product_id": "CSAFPID-5155099" } }, { "category": "product_version_range", "name": "vers:unknown/v4.4.0", "product": { "name": "vers:unknown/v4.4.0", "product_id": "CSAFPID-5155100" } }, { "category": "product_version_range", "name": "vers:unknown/v4.5.0", "product": { "name": "vers:unknown/v4.5.0", "product_id": "CSAFPID-5155101" } }, { "category": "product_version_range", "name": "vers:unknown/v4.6.0", "product": { "name": "vers:unknown/v4.6.0", "product_id": "CSAFPID-5173267" } }, { "category": "product_version_range", "name": "vers:unknown/v4.6.1", "product": { "name": "vers:unknown/v4.6.1", "product_id": "CSAFPID-5173268" } }, { "category": "product_version_range", "name": "vers:unknown/v4.6.2", "product": { "name": "vers:unknown/v4.6.2", "product_id": "CSAFPID-5173269" } }, { "category": "product_version_range", "name": "vers:unknown/v4.6.3", "product": { "name": "vers:unknown/v4.6.3", "product_id": "CSAFPID-5186931" } }, { "category": "product_version_range", "name": "vers:unknown/v4.6.4", "product": { "name": "vers:unknown/v4.6.4", "product_id": "CSAFPID-5186932" } }, { "category": "product_version_range", "name": "vers:unknown/v4.6.5", "product": { "name": "vers:unknown/v4.6.5", "product_id": "CSAFPID-5186933" } }, { "category": "product_version_range", "name": "vers:unknown/v4.6.6", "product": { "name": "vers:unknown/v4.6.6", "product_id": "CSAFPID-5247563" } }, { "category": "product_version_range", "name": "vers:unknown/v4.7.0", "product": { "name": "vers:unknown/v4.7.0", "product_id": "CSAFPID-5247564" } }, { "category": "product_version_range", "name": "vers:unknown/v4.7.1", "product": { "name": "vers:unknown/v4.7.1", "product_id": "CSAFPID-5255885" } }, { "category": "product_version_range", "name": "vers:unknown/v4.7.2", "product": { "name": "vers:unknown/v4.7.2", "product_id": "CSAFPID-5437292" } }, { "category": "product_version_range", "name": "vers:unknown/v4.7.3", "product": { "name": "vers:unknown/v4.7.3", "product_id": "CSAFPID-5437293" } }, { "category": "product_version_range", "name": "vers:unknown/v4.7.4", "product": { "name": "vers:unknown/v4.7.4", "product_id": "CSAFPID-5437294" } }, { "category": "product_version_range", "name": "vers:unknown/v4.7.5", "product": { "name": "vers:unknown/v4.7.5", "product_id": "CSAFPID-5437295" } }, { "category": "product_version_range", "name": "vers:unknown/v4.7.6", "product": { "name": "vers:unknown/v4.7.6", "product_id": "CSAFPID-5437296" } }, { "category": "product_version_range", "name": "vers:unknown/v4.8.0", "product": { "name": "vers:unknown/v4.8.0", "product_id": "CSAFPID-5437297" } }, { "category": "product_version_range", "name": "vers:unknown/v4.8.1", "product": { "name": "vers:unknown/v4.8.1", "product_id": "CSAFPID-5437298" } }, { "category": "product_version_range", "name": "vers:unknown/v4.9.0", "product": { "name": "vers:unknown/v4.9.0", "product_id": "CSAFPID-5437299" } }, { "category": "product_version_range", "name": "vers:unknown/v4.9.1", "product": { "name": "vers:unknown/v4.9.1", "product_id": "CSAFPID-5729236" } }, { "category": "product_version_range", "name": "vers:unknown/v4.9.2", "product": { "name": "vers:unknown/v4.9.2", "product_id": "CSAFPID-5729237" } } ], "category": "product_name", "name": "Zitadel" } ], "category": "vendor", "name": "Zitadel" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/4.11.1", "product": { "name": "vers:unknown/4.11.1", "product_id": "CSAFPID-5961927" } }, { "category": "product_version_range", "name": "vers:unknown/>=2.59.0|<4.11.1", "product": { "name": "vers:unknown/>=2.59.0|<4.11.1", "product_id": "CSAFPID-5961928" } } ], "category": "product_name", "name": "go/github.com/zitadel/zitadel/v2" } ], "category": "vendor", "name": "zitadel" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-27945", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "notes": [ { "category": "description", "text": "ZITADEL is an open source identity management platform. Zitadel Action V2 (introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0) is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. Zitadel's Action target URLs can point to local hosts, potentially allowing adversaries to gather internal network information and connect to internal services. When the URL points to a local host / IP address, an adversary might gather information about the internal network structure, the services exposed on internal hosts etc. This is sometimes called a Server-Side Request Forgery (SSRF). Zitadel Actions expect responses according to specific schemas, which reduces the threat vector. The patch in version 4.11.1 resolves the issue by checking the target URL against a denylist. By default localhost, resp. loopback IPs are denied. Note that this fix was only released on v4.x. Due to the stage (preview / beta) in which the functionality was in v2.x and v3.x, the changes that have been applied to it since then and the severity, respectively the actual thread vector, a backport to the corresponding versions was not feasible. Please check the workaround section for alternative solutions if an upgrade to v4.x is not possible. If an upgrade is not possible, prevent actions from using unintended endpoints by setting network policies or firewall rules in one's own infrastructure. Note that this is outside of the functionality provided by Zitadel.", "title": "nvd - https://nvd.nist.gov/vuln/detail/CVE-2026-27945" }, { "category": "description", "text": "ZITADEL is an open source identity management platform. Zitadel Action V2 (introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0) is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. Zitadel's Action target URLs can point to local hosts, potentially allowing adversaries to gather internal network information and connect to internal services. When the URL points to a local host / IP address, an adversary might gather information about the internal network structure, the services exposed on internal hosts etc. This is sometimes called a Server-Side Request Forgery (SSRF). Zitadel Actions expect responses according to specific schemas, which reduces the threat vector. The patch in version 4.11.1 resolves the issue by checking the target URL against a denylist. By default localhost, resp. loopback IPs are denied. Note that this fix was only released on v4.x. Due to the stage (preview / beta) in which the functionality was in v2.x and v3.x, the changes that have been applied to it since then and the severity, respectively the actual thread vector, a backport to the corresponding versions was not feasible. Please check the workaround section for alternative solutions if an upgrade to v4.x is not possible. If an upgrade is not possible, prevent actions from using unintended endpoints by setting network policies or firewall rules in one's own infrastructure. Note that this is outside of the functionality provided by Zitadel.", "title": "cveprojectv5 - https://www.cve.org/CVERecord?id=CVE-2026-27945" }, { "category": "description", "text": "ZITADEL is an open source identity management platform. Zitadel Action V2 (introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0) is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token. Zitadel's Action target URLs can point to local hosts, potentially allowing adversaries to gather internal network information and connect to internal services. When the URL points to a local host / IP address, an adversary might gather information about the internal network structure, the services exposed on internal hosts etc. This is sometimes called a Server-Side Request Forgery (SSRF). Zitadel Actions expect responses according to specific schemas, which reduces the threat vector. The patch in version 4.11.1 resolves the issue by checking the target URL against a denylist. By default localhost, resp. loopback IPs are denied. Note that this fix was only released on v4.x. Due to the stage (preview / beta) in which the functionality was in v2.x and v3.x, the changes that have been applied to it since then and the severity, respectively the actual thread vector, a backport to the corresponding versions was not feasible. Please check the workaround section for alternative solutions if an upgrade to v4.x is not possible. If an upgrade is not possible, prevent actions from using unintended endpoints by setting network policies or firewall rules in one's own infrastructure. Note that this is outside of the functionality provided by Zitadel.", "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/GIT%2FCVE-2026-27945.json?alt=media" }, { "category": "description", "text": "### Summary\n\nZITADEL Action V2 (introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0) is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token.\n\nZITADEL's Action target URLs can point to local hosts, potentially allowing adversaries to gather internal network information and connect to internal services.\n\n### Impact\n\nWhen the URL points to a local host / IP address, an adversary might gather information about the internal network structure, the services exposed on internal hosts etc. This is sometimes called a Server-Side Request Forgery (SSRF).\n\nZITADEL Actions expect responses according to specific schemas, which reduces the threat vector.\n\n### Affected Versions\n\nSystems running one of the following versions are affected:\n- **4.x**: `4.0.0` through `4.11.0` (including RC version)\n- **3.x**: `3.0.0` to `3.4.6` (including RC versions)\n- **2.x**: `2.59.0` to `2.71.19`\n\n### Patches\n\nThe vulnerability has been addressed in the latest releases. The patch resolves the issue by checking the target URL against a denylist. By default localhost, resp. loopback IPs are denied.\n\nNote that this fix was only released on v4.x. Due to the stage (preview / beta) in which the functionality was in v2.x and v3.x, the changes that have been applied to it since then and the severity, respectively the actual thread vector, a backport to the corresponding versions was not feasible. Please check the workaround section for alternative solutions if an upgrade to v4.x is not possible.\n\n4.x: Upgrade to >=[4.11.1](https://github.com/zitadel/zitadel/releases/tag/v4.11.1)\n3.x: Update to >=[v4.11.1](https://github.com/zitadel/zitadel/releases/tag/v4.11.1) or check out workarounds\n2.x: Update to >=[v4.11.1](https://github.com/zitadel/zitadel/releases/tag/v4.11.1) or check out workarounds\n\n### Workarounds\n\nThe recommended solution is to update Zitadel to a patched version.\n\nIf an upgrade is not possible, users can prevent actions from using unintended endpoints by setting network policies or firewall rules in your infrastructure. Note that this is outside of the functionality provided by ZITADEL.\n\n### Questions\n\nIf there are any questions or comments about this advisory, please send an email to [security@zitadel.com](mailto:security@zitadel.com)\n\n### Credits\n\nThis vulnerability was found by [zentrust partners GmbH](https://zentrust.partners) during a scheduled penetration test. Thank you to the analysts Martin Tschirsich, Joud Zakharia, Christopher Baumann.\nThe full report will be made public after the complete review.", "title": "github - https://github.com/advisories/GHSA-7777-fhq9-592v" }, { "category": "description", "text": "### Summary\n\nZITADEL Action V2 (introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0) is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token.\n\nZITADEL's Action target URLs can point to local hosts, potentially allowing adversaries to gather internal network information and connect to internal services.\n\n### Impact\n\nWhen the URL points to a local host / IP address, an adversary might gather information about the internal network structure, the services exposed on internal hosts etc. This is sometimes called a Server-Side Request Forgery (SSRF).\n\nZITADEL Actions expect responses according to specific schemas, which reduces the threat vector.\n\n### Affected Versions\n\nSystems running one of the following versions are affected:\n- **4.x**: `4.0.0` through `4.11.0` (including RC version)\n- **3.x**: `3.0.0` to `3.4.6` (including RC versions)\n- **2.x**: `2.59.0` to `2.71.19`\n\n### Patches\n\nThe vulnerability has been addressed in the latest releases. The patch resolves the issue by checking the target URL against a denylist. By default localhost, resp. loopback IPs are denied.\n\nNote that this fix was only released on v4.x. Due to the stage (preview / beta) in which the functionality was in v2.x and v3.x, the changes that have been applied to it since then and the severity, respectively the actual thread vector, a backport to the corresponding versions was not feasible. Please check the workaround section for alternative solutions if an upgrade to v4.x is not possible.\n\n4.x: Upgrade to >=[4.11.1](https://github.com/zitadel/zitadel/releases/tag/v4.11.1)\n3.x: Update to >=[v4.11.1](https://github.com/zitadel/zitadel/releases/tag/v4.11.1) or check out workarounds\n2.x: Update to >=[v4.11.1](https://github.com/zitadel/zitadel/releases/tag/v4.11.1) or check out workarounds\n\n### Workarounds\n\nThe recommended solution is to update Zitadel to a patched version.\n\nIf an upgrade is not possible, users can prevent actions from using unintended endpoints by setting network policies or firewall rules in your infrastructure. Note that this is outside of the functionality provided by ZITADEL.\n\n### Questions\n\nIf there are any questions or comments about this advisory, please send an email to [security@zitadel.com](mailto:security@zitadel.com)\n\n### Credits\n\nThis vulnerability was found by [zentrust partners GmbH](https://zentrust.partners) during a scheduled penetration test. Thank you to the analysts Martin Tschirsich, Joud Zakharia, Christopher Baumann.\nThe full report will be made public after the complete review.", "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Go%2FGHSA-7777-fhq9-592v.json?alt=media" }, { "category": "description", "text": "ZITADEL has potential SSRF via Actions in github.com/zitadel/zitadel.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/zitadel/zitadel from v2.59.0 before v4.11.1.", "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Go%2FGO-2026-4574.json?alt=media" }, { "category": "description", "text": "ZITADEL Action V2 (introduced as early preview in 2.59.0, beta in 3.0.0 and GA in 4.0.0) is a webhook based approach to allow developers act on API request to Zitadel and customize flows such the issue of a token.\n\nZITADEL's Action target URLs can point to local hosts, potentially allowing adversaries to gather internal network information and connect to internal services.", "title": "gitlab - https://gitlab.com/api/v4/projects/25847700/repository/files/go%2Fgithub.com%2Fzitadel%2Fzitadel%2Fv2%2FCVE-2026-27945.yml/raw" }, { "category": "other", "text": "0.00041", "title": "EPSS" }, { "category": "other", "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "title": "CVSSV4" }, { "category": "other", "text": "2.1", "title": "CVSSV4 base score" }, { "category": "other", "text": "4.4", "title": "NCSC Score" }, { "category": "other", "text": "The value of the most recent CVSS (V3) score, Is related to (a version of) an uncommon product", "title": "NCSC Score top decreasing factors" } ], "product_status": { "fixed": [ "CSAFPID-5961927" ], "known_affected": [ "CSAFPID-5723443", "CSAFPID-3726060", "CSAFPID-3726061", "CSAFPID-3726062", "CSAFPID-3726063", "CSAFPID-3726064", "CSAFPID-3726065", "CSAFPID-3726066", "CSAFPID-3726067", "CSAFPID-3726068", "CSAFPID-3726069", "CSAFPID-3726070", "CSAFPID-3726071", "CSAFPID-3726072", "CSAFPID-3726073", "CSAFPID-3726074", "CSAFPID-3726075", "CSAFPID-3726076", "CSAFPID-3726077", "CSAFPID-3726078", "CSAFPID-3726079", "CSAFPID-3726080", "CSAFPID-3726081", "CSAFPID-3726082", "CSAFPID-3726083", "CSAFPID-3726084", "CSAFPID-3726085", "CSAFPID-3726086", "CSAFPID-3726087", "CSAFPID-3726088", "CSAFPID-3726089", "CSAFPID-3726090", "CSAFPID-3726091", "CSAFPID-3726092", "CSAFPID-3726093", "CSAFPID-3726094", "CSAFPID-3726095", "CSAFPID-3726096", "CSAFPID-3726097", "CSAFPID-3726098", "CSAFPID-3726104", "CSAFPID-3726105", "CSAFPID-3726106", "CSAFPID-3726107", "CSAFPID-3726108", "CSAFPID-3726109", "CSAFPID-3726110", "CSAFPID-3726112", "CSAFPID-3726113", "CSAFPID-3726114", "CSAFPID-3726115", "CSAFPID-3726116", "CSAFPID-3726117", "CSAFPID-3726118", "CSAFPID-3726119", "CSAFPID-3726120", "CSAFPID-3726121", "CSAFPID-3726122", "CSAFPID-3726123", "CSAFPID-3726124", "CSAFPID-3726125", "CSAFPID-3726126", "CSAFPID-3726127", "CSAFPID-3726132", "CSAFPID-3726133", "CSAFPID-3726134", "CSAFPID-3726135", "CSAFPID-3726136", "CSAFPID-3726137", "CSAFPID-3726138", "CSAFPID-5155087", "CSAFPID-5155088", "CSAFPID-5155089", "CSAFPID-5155090", "CSAFPID-5155091", "CSAFPID-5155092", "CSAFPID-5155093", "CSAFPID-5155094", "CSAFPID-5155095", "CSAFPID-5155096", "CSAFPID-5155097", "CSAFPID-5155098", "CSAFPID-5155099", "CSAFPID-5155100", "CSAFPID-5155101", "CSAFPID-5173267", "CSAFPID-5173268", "CSAFPID-5173269", "CSAFPID-5186931", "CSAFPID-5186932", "CSAFPID-5186933", "CSAFPID-5247563", "CSAFPID-5247564", "CSAFPID-5255885", "CSAFPID-5437292", "CSAFPID-5437293", "CSAFPID-5437294", "CSAFPID-5437295", "CSAFPID-5437296", "CSAFPID-5437297", "CSAFPID-5437298", "CSAFPID-5437299", "CSAFPID-5729234", "CSAFPID-5729235", "CSAFPID-5729236", "CSAFPID-5729237", "CSAFPID-5737648", "CSAFPID-5729238", "CSAFPID-5737643", "CSAFPID-5762364", "CSAFPID-5961928" ] }, "references": [ { "category": "external", "summary": "Source - nvd", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27945" }, { "category": "external", "summary": "Source raw - nvd", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-27945" }, { "category": "external", "summary": "Source - cveprojectv5", "url": "https://www.cve.org/CVERecord?id=CVE-2026-27945" }, { "category": "external", "summary": "Source raw - cveprojectv5", "url": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/27xxx/CVE-2026-27945.json" }, { "category": "external", "summary": "Source - osv", "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/GIT%2FCVE-2026-27945.json?alt=media" }, { "category": "external", "summary": "Source - first", "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27945" }, { "category": "external", "summary": "Source raw - first", "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0" }, { "category": "external", "summary": "Source - github", "url": "https://github.com/advisories/GHSA-7777-fhq9-592v" }, { "category": "external", "summary": "Source raw - github", "url": "https://api.github.com/advisories/GHSA-7777-fhq9-592v" }, { "category": "external", "summary": "Source - osv", "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Go%2FGHSA-7777-fhq9-592v.json?alt=media" }, { "category": "external", "summary": "Source - first", "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0" }, { "category": "external", "summary": "Source - osv", "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/Go%2FGO-2026-4574.json?alt=media" }, { "category": "external", "summary": "Source - gitlab", "url": "https://gitlab.com/api/v4/projects/25847700/repository/files/go%2Fgithub.com%2Fzitadel%2Fzitadel%2Fv2%2FCVE-2026-27945.yml/raw" }, { "category": "external", "summary": "Reference - cveprojectv5; nvd; osv", "url": "https://github.com/zitadel/zitadel/releases/tag/v3.4.7" }, { "category": "external", "summary": "Reference - cveprojectv5; nvd; osv", "url": "https://github.com/zitadel/zitadel/releases/tag/v4.11.0" }, { "category": "external", "summary": "Reference - cveprojectv5; github; gitlab; nvd; osv", "url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-7777-fhq9-592v" }, { "category": "external", "summary": "Reference - osv", "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/27xxx/CVE-2026-27945.json" }, { "category": "external", "summary": "Reference - github; gitlab; osv", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27945" }, { "category": "external", "summary": "Reference - github; gitlab; osv", "url": "https://github.com/zitadel/zitadel/commit/b2532e9666215bef04855d138ca716045bb74a06" }, { "category": "external", "summary": "Reference - github; gitlab; osv", "url": "https://github.com/zitadel/zitadel/releases/tag/v4.11.1" }, { "category": "external", "summary": "Reference - github; gitlab", "url": "https://github.com/advisories/GHSA-7777-fhq9-592v" }, { "category": "external", "summary": "Reference - gitlab", "url": "https://github.com/zitadel/zitadel" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-3726060", "CSAFPID-3726061", "CSAFPID-3726062", "CSAFPID-3726063", "CSAFPID-3726064", "CSAFPID-3726065", "CSAFPID-3726066", "CSAFPID-3726067", "CSAFPID-3726068", "CSAFPID-3726069", "CSAFPID-3726070", "CSAFPID-3726071", "CSAFPID-3726072", "CSAFPID-3726073", "CSAFPID-3726074", "CSAFPID-3726075", "CSAFPID-3726076", "CSAFPID-3726077", "CSAFPID-3726078", "CSAFPID-3726079", "CSAFPID-3726080", "CSAFPID-3726081", "CSAFPID-3726082", "CSAFPID-3726083", "CSAFPID-3726084", "CSAFPID-3726085", "CSAFPID-3726086", "CSAFPID-3726087", "CSAFPID-3726088", "CSAFPID-3726089", "CSAFPID-3726090", "CSAFPID-3726091", "CSAFPID-3726092", "CSAFPID-3726093", "CSAFPID-3726094", "CSAFPID-3726095", "CSAFPID-3726096", "CSAFPID-3726097", "CSAFPID-3726098", "CSAFPID-3726104", "CSAFPID-3726105", "CSAFPID-3726106", "CSAFPID-3726107", "CSAFPID-3726108", "CSAFPID-3726109", "CSAFPID-3726110", "CSAFPID-3726112", "CSAFPID-3726113", "CSAFPID-3726114", "CSAFPID-3726115", "CSAFPID-3726116", "CSAFPID-3726117", "CSAFPID-3726118", "CSAFPID-3726119", "CSAFPID-3726120", "CSAFPID-3726121", "CSAFPID-3726122", "CSAFPID-3726123", "CSAFPID-3726124", "CSAFPID-3726125", "CSAFPID-3726126", "CSAFPID-3726127", "CSAFPID-3726132", "CSAFPID-3726133", "CSAFPID-3726134", "CSAFPID-3726135", "CSAFPID-3726136", "CSAFPID-3726137", "CSAFPID-3726138", "CSAFPID-5155087", "CSAFPID-5155088", "CSAFPID-5155089", "CSAFPID-5155090", "CSAFPID-5155091", "CSAFPID-5155092", "CSAFPID-5155093", "CSAFPID-5155094", "CSAFPID-5155095", "CSAFPID-5155096", "CSAFPID-5155097", "CSAFPID-5155098", "CSAFPID-5155099", "CSAFPID-5155100", "CSAFPID-5155101", "CSAFPID-5173267", "CSAFPID-5173268", "CSAFPID-5173269", "CSAFPID-5186931", "CSAFPID-5186932", "CSAFPID-5186933", "CSAFPID-5247563", "CSAFPID-5247564", "CSAFPID-5255885", "CSAFPID-5437292", "CSAFPID-5437293", "CSAFPID-5437294", "CSAFPID-5437295", "CSAFPID-5437296", "CSAFPID-5437297", "CSAFPID-5437298", "CSAFPID-5437299", "CSAFPID-5723443", "CSAFPID-5729234", "CSAFPID-5729235", "CSAFPID-5729236", "CSAFPID-5729237", "CSAFPID-5729238", "CSAFPID-5737643", "CSAFPID-5737648", "CSAFPID-5762364", "CSAFPID-5961928" ] } ], "title": "CVE-2026-27945" } ] }