PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-56664 zitadel CVE debrief

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T18:16:23.890Z and has not been modified since then. ZITADEL, an open-source identity management platform, has a vulnerability in its external JWT Identity Provider validation. The vulnerability allows arbitrarily old tokens from a trusted issuer to pass authentication when an incoming token omits the iat claim. This issue is fixed in versions 3.4.12 and 4.15.2. Organizations using ZITADEL for identity management should verify their configurations and update to the fixed versions to mitigate this vulnerability.

Vendor
zitadel
Product
Unknown
CVSS
MEDIUM 4.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

Organizations using ZITADEL for identity management should verify their configurations and update to versions 3.4.12 or 4.15.2 to mitigate this vulnerability. Additionally, security teams and vulnerability management teams should review the CVE record and NVD entry to understand the scope of the vulnerability and the fixed versions.

Technical summary

ZITADEL's external JWT Identity Provider validation bypasses the maximum token age freshness check when an incoming token omits the iat claim, allowing old tokens from a trusted issuer to pass authentication. This issue is fixed in versions 3.4.12 and 4.15.2. The vulnerability has a CVSS score of 4.2 and a severity of MEDIUM. The affected product is ZITADEL, and the vulnerability affects its external JWT Identity Provider validation.

Defensive priority

Medium priority due to the potential for authentication bypass.

Recommended defensive actions

  • Verify ZITADEL configurations for external JWT Identity Provider validation.
  • Update to ZITADEL versions 3.4.12 or 4.15.2.
  • Monitor authentication logs for suspicious activity.
  • Implement compensating controls for token validation.
  • Review CVE record and NVD entry for detailed information.
  • Track exceptions and retest remediated assets.
  • Check relevant monitoring, detection, and logs for exposed assets.

Evidence notes

The CVE record and NVD entry provide details on the vulnerability and fixed versions. Further investigation is needed to determine the full scope of affected systems, including verifying the configurations of ZITADEL's external JWT Identity Provider validation and reviewing authentication logs for suspicious activity. Additionally, defenders should verify the integrity of incoming tokens and ensure that the maximum token age freshness check is properly implemented.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T18:16:23.890Z and has not been modified since then.