Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-55670

Gravedad CVSS v4.0:
BAJA
Tipo:
CWE-284 Control de acceso incorrecto
Fecha de publicación:
10/07/2026
Última modificación:
10/07/2026

Descripción

*** Pendiente de traducción *** ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user identifier, causing a later user recreated with the same identifier in another organization to be provisioned under the original organization and exposed to that organization's administrator. This issue is fixed in version 4.15.2.