CVE-2026-33132: Zitadel is missing enforcement of organization scopes
A vulnerability in Zitadel's OAuth2/OIDC interface allowed users to bypass organization enforcement during authentication, so requests that should have been restricted to a particular organization scope were not blocked.
References
- github.com/advisories/GHSA-g2pf-ww5m-2r9m
- github.com/zitadel/zitadel
- github.com/zitadel/zitadel/commit/d90285929ca019fa817f31551fd0883429dda2a8
- github.com/zitadel/zitadel/releases/tag/v3.4.9
- github.com/zitadel/zitadel/releases/tag/v4.12.3
- github.com/zitadel/zitadel/security/advisories/GHSA-g2pf-ww5m-2r9m
- nvd.nist.gov/vuln/detail/CVE-2026-33132