PatchSiren cyber security CVE debrief
CVE-2026-55669 zitadel CVE debrief
A vulnerability was found in ZITADEL, an open-source identity management platform. The external JWT Identity Provider does not validate the audience (aud) claim of a token, allowing a validly signed token from a trusted issuer for another relying party to be accepted. This issue was fixed in versions 3.4.12 and 4.15.2. The vulnerability exists due to insufficient validation of the audience claim in JWT tokens, which could lead to unauthorized access. Users of ZITADEL should review their configurations and update to the latest version to mitigate this vulnerability.
- Vendor
- zitadel
- Product
- Unknown
- CVSS
- MEDIUM 4.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-10
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-10
- Advisory updated
- 2026-07-10
Who should care
Users of ZITADEL versions prior to 3.4.12 or 4.15.2 who utilize an external JWT Identity Provider should verify their configurations and update to the latest version to mitigate this vulnerability. This includes operators, platform administrators, vulnerability management teams, and security teams who need to review affected scope, severity, and vendor guidance.
Technical summary
The vulnerability exists in ZITADEL's external JWT Identity Provider validation process. Specifically, it fails to validate the audience (aud) claim of a token, which could allow an attacker to use a validly signed token from a trusted issuer intended for another relying party. This issue has been addressed with the release of ZITADEL versions 3.4.12 and 4.15.2. Affected product deployments should be reviewed, and owners should be assigned for follow-up. Compensating controls should be considered for exposed systems while remediation is scheduled and verified.
Defensive priority
Medium priority should be given to updating ZITADEL to versions 3.4.12 or 4.15.2, as the vulnerability allows for potential unauthorized access through the use of improperly validated JWT tokens.
Recommended defensive actions
- Update ZITADEL to version 3.4.12 or 4.15.2
- Review and validate JWT Identity Provider configurations
- Monitor for unusual token validation activities
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-10T17:16:59.460Z and was last modified on 2026-07-10T19:17:25.870Z. The NVD entry is currently Deferred. The external JWT Identity Provider validation process vulnerability in ZITADEL allows for potential unauthorized access through improperly validated JWT tokens. Evidence of exploitation is limited, and defenders should verify configurations and update to the latest version to mitigate this vulnerability. Additional verification tasks include reviewing the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T17:16:59.460Z and has not been modified since then. The NVD entry is currently Deferred.