A critical Cross-Site Scripting (XSS) vulnerability has been discovered in ZITADEL, a popular open-source identity and access management platform. Tracked as CVE-2026-29191 with a Critical severity rating, this flaw resides in the platform’s login V2 interface, specifically within the /saml-post endpoint. It allows unauthenticated remote attackers to execute malicious JavaScript directly within a user’s browser. With a […] The post 1-Click ZITADEL Vulnerability Could Allow Full System Takeover appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/1-click-zitadel-vulnerability/
