PatchSiren cyber security CVE debrief
CVE-2026-56667 zitadel CVE debrief
CVE-2026-56667 is a HIGH severity vulnerability in ZITADEL's Login V2 OIDC and SAML. Prior to version 4.15.3, the platform's FailedPrecondition error paths return loginSettings.defaultRedirectUri to router.push without applying the isSafeRedirectUri check. This allows an organization or instance administrator to store a javascript or data URI that can execute in a user's browser when an affected login error path is reached. The vulnerability exists due to insufficient validation of redirect URIs.
- Vendor
- zitadel
- Product
- Unknown
- CVSS
- HIGH 7.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-10
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-10
- Advisory updated
- 2026-07-10
Who should care
Administrators and users of ZITADEL's Login V2 OIDC and SAML should be aware of this vulnerability and take steps to upgrade to version 4.15.3 or apply compensating controls. Operators, platform administrators, vulnerability management teams, and security teams may be impacted by this vulnerability.
Technical summary
The vulnerability exists in ZITADEL's Login V2 OIDC and SAML implementation. When a FailedPrecondition error occurs, the platform returns loginSettings.defaultRedirectUri to router.push without validating it through the isSafeRedirectUri check. This oversight enables an administrator to store malicious URIs, such as javascript or data URIs, which can be executed in a user's browser when they encounter an affected login error path.
Defensive priority
Upgrade to version 4.15.3 or apply compensating controls to validate redirect URIs. Monitor for suspicious activity on login error paths.
Recommended defensive actions
- Upgrade to ZITADEL version 4.15.3 or later
- Implement compensating controls to validate redirect URIs
- Monitor for suspicious activity on login error paths
- Review official advisories for affected scope and severity
- Confirm whether affected product deployments exist in managed environments
- Track exceptions and retest remediated assets
Evidence notes
The CVE record was published on 2026-07-10T18:16:24.283Z and last modified on 2026-07-10T21:16:57.810Z. The NVD entry is currently Deferred. Evidence is limited to CVE and NVD details. Defenders should verify affected ZITADEL deployments and review official advisories for scope and severity.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T18:16:24.283Z and has not been modified since then. The NVD entry is currently Deferred.