PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-56665 zitadel CVE debrief

A vulnerability was found in ZITADEL, an open source identity management platform, affecting versions from 3.0.0-rc.1 through 3.4.11 and from 4.0.0-rc.1 through 4.15.1. The issue lies in the external JWT Identity Provider validation, where the system skips expiration handling when an incoming token omits the exp claim. This allows a token from a trusted issuer to be treated as valid without an automatic expiration window. The vulnerability is fixed in versions 3.4.12 and 4.15.2. Users should review their configurations and ensure they are running a patched version.

Vendor
zitadel
Product
Unknown
CVSS
MEDIUM 4.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-10
Original CVE updated
2026-07-10
Advisory published
2026-07-10
Advisory updated
2026-07-10

Who should care

Users of ZITADEL, especially those utilizing external JWT Identity Providers, should be aware of this vulnerability and ensure they are running a patched version of the software. This includes administrators and security teams responsible for managing ZITADEL deployments. Reviewing the configurations and updating to versions 3.4.12 or 4.15.2 is crucial to mitigate the risk associated with this vulnerability.

Technical summary

The vulnerability is caused by the lack of proper expiration handling in ZITADEL's external JWT Identity Provider validation. When an incoming token omits the exp claim, the system fails to enforce an automatic expiration window, potentially allowing the use of expired or malicious tokens. This issue was addressed by properly handling the expiration claim in versions 3.4.12 and 4.15.2. Affected users should review their configurations and update to a patched version.

Defensive priority

MEDIUM

Recommended defensive actions

  • Inventory and update ZITADEL to version 3.4.12 or 4.15.2 if currently using affected versions.
  • Review and adjust external JWT Identity Provider configurations to ensure proper expiration handling.
  • Monitor for any suspicious activity related to JWT token validation.
  • Verify the integrity of tokens used in the environment.
  • Conduct a thorough review of ZITADEL configurations and update documentation as necessary.
  • Perform vulnerability scanning to identify potential exposures.
  • Engage with the ZITADEL community or support for additional guidance on mitigation.

Evidence notes

The CVE record was published on 2026-07-10T18:16:24.020Z and was last modified on 2026-07-10T19:17:26.663Z. The NVD entry is currently Deferred. There is limited information available about the specific impact of this vulnerability. Users should verify the affected versions and configurations of ZITADEL in their environments. The CVE record and NVD entry provide the most current information on this vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T18:16:24.020Z and has not been modified since then. The NVD entry is currently Deferred.