CVE-2026-56668
ZITADEL: Unauthorized Token Privilege Escalation in OAuth2 Token Exchange
CVSS Score
8.1
EPSS Score
0.2%
EPSS Percentile
14th
ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that requested scopes remain within the original token's scopes, allowing a low-privilege token to be exchanged for elevated permissions at another application. This issue is fixed in version 4.15.3.
| CWE | CWE-862 |
| Vendor | zitadel |
| Product | zitadel |
| Published | Jul 10, 2026 |
| Last Updated | Jul 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for zitadel zitadel
Be the first to know when new high vulnerabilities affecting zitadel zitadel are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Affected Versions
zitadel / zitadel
< 4.15.3