PatchSiren cyber security CVE debrief
CVE-2026-55670 zitadel CVE debrief
A LOW-severity vulnerability was found in ZITADEL, an open-source identity management platform. The event store validation issue could retain the original resource owner for a deleted user identifier, potentially exposing users to unintended organization administrators. This issue is fixed in version 4.15.2. Administrators of ZITADEL installations, especially those with multiple organizations and user management, should be aware of this issue and take steps to ensure their systems are updated.
- Vendor
- zitadel
- Product
- Unknown
- CVSS
- LOW 2.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-10
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-10
- Advisory updated
- 2026-07-10
Who should care
Administrators of ZITADEL installations, especially those with multiple organizations and user management, should be aware of this issue and take steps to ensure their systems are updated. This includes reviewing user management and organization configurations, and monitoring for any unusual user provisioning activities.
Technical summary
Prior to version 4.15.1, ZITADEL's event store validation could retain the original resource owner for a deleted user identifier. This could lead to a later user recreated with the same identifier in another organization being provisioned under the original organization and exposed to that organization's administrator. The issue is fixed in version 4.15.2. Affected ZITADEL installations should be updated to prevent potential exposure.
Defensive priority
Low priority, but recommended to apply as part of regular maintenance. Administrators should review and apply the update as soon as possible to prevent potential exposure due to this vulnerability in ZITADEL installations prior to version 4.15.2, particularly those with multiple organizations and user management, should be aware of this issue and take steps to ensure their systems are updated. The event store validation issue could retain the original resource owner for a deleted user identifier, potentially exposing users to unintended organization administrators. This issue is fixed in version 4.15.2. Affected ZITADEL installations should be updated to prevent potential exposure. The CVE record was published on 2026-07-10T18:16:23.360Z and last modified on 2026-07-10T21:16:56.973Z. The NVD entry is currently Deferred. This issue affects ZITADEL installations prior to version 4.15.2, particularly those with multiple organizations and user management. Administrators should verify their systems and ensure they are updated. The event store validation issue could retain the original resource owner for a deleted user identifier, potentially exposing users to unintended organization administrators. A LOW-severity vulnerability was found in ZITADEL, an open-source identity management platform. The event store validation issue could retain the original resource owner for a deleted user identifier, potentially exposing users to unintended organization administrators. This issue is fixed in version 4.15.2. Administrators of ZITADEL installations, especially those with multiple organizations and user management, should be aware of this issue and take steps to ensure their systems are updated. Prior to version 4.15.1, ZITADEL's event store validation could retain the original resource owner for a deleted user identifier. This could lead to a later user recreated with the same identifier in another organization being provisioned under the original organization and exposed to that organization's administrator. The issue is fixed in version 4.15.2. Affected ZITADEL installations should be updated to prevent potential exposure. Administrators of ZITADEL installations, should
Recommended defensive actions
- Update ZITADEL to version 4.15.2 or later
- Review user management and organization configurations
- Monitor for any unusual user provisioning activities
- Perform a thorough review of current user provisioning activities to identify potential exposure
- Verify that all administrators have the necessary permissions and access controls in place
- Conduct a security audit to ensure that all systems are up-to-date and compliant with organizational security policies
- Implement additional monitoring and logging to detect potential security incidents related to user provisioning
Evidence notes
The CVE record was published on 2026-07-10T18:16:23.360Z and last modified on 2026-07-10T21:16:56.973Z. The NVD entry is currently Deferred. This issue affects ZITADEL installations prior to version 4.15.2, particularly those with multiple organizations and user management. Administrators should verify their systems and ensure they are updated. The event store validation issue could retain the original resource owner for a deleted user identifier, potentially exposing users to unintended organization administrators.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T18:16:23.360Z and has not been modified since then. The NVD entry is currently Deferred.