CVE-2026-32131
Summary
ZITADEL is an open source identity management platform. In versions prior to 3.4.8 and 4.12.2, the Management API did not verify that the object identified by a caller-supplied project_id, grant_id, or app_id belonged to the caller's own organization. An authenticated user holding a valid low-privilege token (e.g., project.read, project.grant.read, or project.app.read) could therefore retrieve management-plane information belonging to other organizations simply by supplying another tenant's identifier. Exploitation requires a valid token, and the impact is limited to cross-tenant disclosure, which matches the CVSS vector below (scope changed, confidentiality high, integrity and availability none). The vulnerability is fixed in 3.4.8 and 4.12.2.
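The bug class described above is a missing tenant-scoping check: the permission check and the object lookup are both performed, but the lookup is keyed on the caller-supplied ID alone and never compared against the organization the token belongs to. The following Go program is an added, constructed illustration of that pattern and its fix; it is not ZITADEL's own code, and the type names, permission strings, and IDs are hypothetical. The same shape applies to grant_id and app_id lookups.

```go
package main

import (
	"errors"
	"fmt"
)

// Everything below is a constructed illustration of the bug class, not ZITADEL's
// own code. Type names, permission strings and IDs are hypothetical.

// Project is a management-plane object owned by exactly one organization.
type Project struct {
	ID            string
	ResourceOwner string // organization that owns the project
	Name          string
}

// Caller is what the API layer knows about the authenticated token.
type Caller struct {
	OrgID       string
	Permissions map[string]bool
}

var (
	ErrPermissionDenied = errors.New("permission denied")
	ErrNotFound         = errors.New("not found")
)

// Constructed sample data: one project in each of two tenants.
var projects = map[string]Project{
	"proj-a-1": {ID: "proj-a-1", ResourceOwner: "org-a", Name: "org-a customer portal"},
	"proj-b-1": {ID: "proj-b-1", ResourceOwner: "org-b", Name: "org-b internal tooling"},
}

// GetProjectVulnerable models the flawed pattern: it checks that the token
// carries project.read, then resolves the object by the caller-supplied ID
// alone. The permission is scoped to the caller's org, but the lookup is not,
// so an org-a token can read org-b's project.
func GetProjectVulnerable(c Caller, projectID string) (Project, error) {
	if !c.Permissions["project.read"] {
		return Project{}, ErrPermissionDenied
	}
	p, ok := projects[projectID]
	if !ok {
		return Project{}, ErrNotFound
	}
	return p, nil
}

// GetProjectFixed binds the lookup to the caller's organization. A foreign ID
// yields the same ErrNotFound as a nonexistent one, so the response does not
// reveal whether another tenant's object exists.
func GetProjectFixed(c Caller, projectID string) (Project, error) {
	if !c.Permissions["project.read"] {
		return Project{}, ErrPermissionDenied
	}
	p, ok := projects[projectID]
	if !ok || p.ResourceOwner != c.OrgID {
		return Project{}, ErrNotFound
	}
	return p, nil
}

// CrossTenantLeak is a regression check: it reports whether the given lookup
// lets an org-a token with only project.read read the org-b project.
func CrossTenantLeak(lookup func(Caller, string) (Project, error)) bool {
	orgA := Caller{OrgID: "org-a", Permissions: map[string]bool{"project.read": true}}
	_, err := lookup(orgA, "proj-b-1")
	return err == nil
}

func main() {
	fmt.Println("vulnerable lookup leaks across tenants:", CrossTenantLeak(GetProjectVulnerable))
	fmt.Println("fixed lookup leaks across tenants:     ", CrossTenantLeak(GetProjectFixed))
}
```

The regression check in CrossTenantLeak is the shape of test worth keeping in any multi-tenant API: authenticate as tenant A with the lowest-privilege read role, request tenant B's object by ID, and assert the request fails in the same way as a nonexistent ID.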
CVSS Score
7.7
High
EPSS Score
0.0
Exploit Probability
Published Date
2026-03-11
First Seen: 2026-03-12
📊 Relative Risk Intelligence
This CVE is rated Moderate Risk by this site's own ranking: more severe than 69.6% of all 330,193 vulnerabilities in its database.
Severity percentile rank: #100,417 (above average severity)
🎯 CISA SSVC Assessment (updated: Mar 12, 2026)
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Exploitation steps are not reliably automatable across targets (the SSVC sense of "automatable"; this is distinct from the CVSS UI:N metric below, which states that no victim interaction is needed)
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified
2026-03-16
Source
NVD
CVSS 3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Decoded: network-reachable, low attack complexity, low privileges required (any valid low-privilege token), no user interaction, scope changed (a token for one organization reaches another organization's data), high confidentiality impact, no integrity or availability impact.