Security researchers have disclosed a high-severity vulnerability in ZITADEL, the popular open-source identity and access management (IAM) platform. The flaw, tracked as CVE-2026-29191 with a CVSS score of 9.3, could allow an unauthenticated attacker to take over user accounts with a single malicious click.
ZITADEL is widely used by teams to manage complex authentication needs, offering features like Single Sign-On (SSO) and Multi-Factor Authentication (MFA) out of the box. However, this latest discovery strikes at the platform’s Login V2 interface.
The vulnerability is rooted in an HTTP endpoint named /saml-post, which ZITADEL uses to handle requests to SAML Identity Providers (IdPs). This endpoint accepts two specific GET parameters: url and id.
The endpoint insecurely redirects users based on the url parameter. By providing a javascript: scheme instead of a standard web address, an attacker can force the victim’s browser to execute malicious code.
Additionally, the endpoint reflects user-supplied input directly in the server’s response without proper HTML encoding. This creates a classic Cross-Site Scripting (XSS) condition where arbitrary HTML and JavaScript can be injected into the user’s session.
An unauthenticated remote attacker can exploit these weaknesses to execute JavaScript on behalf of a ZITADEL user.
Once the malicious script is running, the attacker could “reset the password of their victims, and take over their accounts”. Notably, ZITADEL is vulnerable in its “default, out-of-the-box configuration,” meaning the risk exists even if the administrator hasn’t explicitly configured a SAML Identity Provider.
Important Mitigation Note: This specific attack vector is effectively mitigated for accounts that have Multi-Factor Authentication (MFA) or Passwordless authentication enabled.
The ZITADEL team has released a patch that fundamentally reworks how SAML integrations are handled.
Users running ZITADEL versions 4.0.0 through 4.11.1 are affected and should upgrade to version 4.12.0 or later immediately.
In the new version, the vulnerable /saml-post endpoint has been completely removed. Furthermore, the password-change page now “always requires the user’s current password,” regardless of the state of the authenticated session, providing a critical layer of defense against session hijacking.
If an immediate upgrade is not possible and your organization does not require SAML IdP integration, researchers recommend deploying a Web Application Firewall (WAF) or reverse proxy rule to block all access to the /saml-post endpoint.
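For readers hardening their own auto-posting endpoints, the following added Go example (not ZITADEL's code, and not the project's fix) shows the two defensive controls that close the defects described above: a scheme and host allow-list on the caller-supplied url parameter, and context-aware escaping of the reflected id value. The RenderSAMLPost handler, the idp.example.com allow-list and the sample values are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"html/template"
	"net/url"
	"strings"
)
var ErrUnsafeRedirect = errors.New("unsafe redirect target")

// SafeRedirectTarget returns raw only if it is an absolute http(s) URL whose
// host is on the allow-list. javascript:/data: schemes, scheme-relative
// "//host" values and unknown hosts are all rejected (the redirect half).
func SafeRedirectTarget(raw string, allowedHosts []string) (string, error) {
	u, err := url.Parse(strings.TrimSpace(raw))
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
		return "", ErrUnsafeRedirect // url.Parse lowercases the scheme
	}
	for _, h := range allowedHosts {
		if strings.EqualFold(u.Hostname(), h) {
			return u.String(), nil
		}
	}
	return "", ErrUnsafeRedirect
}
// samlPostPage is a hypothetical auto-submitting SAML form. html/template
// escapes each value for its context, so a reflected id cannot break out of
// the attribute and inject markup (the XSS half).
var samlPostPage = template.Must(template.New("saml").Parse(
	`<form method="post" action="{{.URL}}"><input type="hidden" name="RelayState" value="{{.ID}}"></form>`))

// RenderSAMLPost validates the target, then renders the escaped form.
func RenderSAMLPost(rawURL, id string, allowedHosts []string) (string, error) {
	target, err := SafeRedirectTarget(rawURL, allowedHosts)
	if err != nil {
		return "", err
	}
	var sb strings.Builder
	if err := samlPostPage.Execute(&sb, struct{ URL, ID string }{target, id}); err != nil {
		return "", err
	}
	return sb.String(), nil
}

func main() {
	out, err := RenderSAMLPost("https://idp.example.com/sso", `x"><b>`, []string{"idp.example.com"})
	fmt.Println(out, err)
}
```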