CVSS Score: -

Basic Information

CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
The vulnerability stems from two failures. First, token generation included deactivated user grants, which points to a missing state check either where grants are retrieved or where the token's role claims are assembled. Second, the APIs reported grant states incorrectly. Based on common patterns in identity systems and the described impact, the components most likely involved are the user grant repository (data access layer), the token service (authorization logic), and the API handlers (state reporting). Confidence in this attribution is medium: there is no direct commit evidence, but it matches the points in a standard authorization flow where such checks normally occur.
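To make the two failure points concrete, the following Go program is an added example written for this page; it is not ZITADEL's code and does not reproduce its internals. It models a minimal grant repository, a token service that folds grants into a per-project roles claim, and the state value an API handler would report. All type and function names (GrantState, UserGrant, grantRepo, RolesClaimVulnerable, RolesClaimHardened, GrantStateReport) and the sample grants are constructed for illustration. The vulnerable path builds the claim from every stored grant; the hardened path filters on grant state, and the repository gains a state-aware query so the check exists at the data layer too.

```go
package main

import (
	"fmt"
	"sort"
)

// GrantState is the lifecycle state an identity system keeps per user grant.
// These names are illustrative assumptions, not ZITADEL's own types.
type GrantState int

const (
	GrantStateUnspecified GrantState = iota
	GrantStateActive
	GrantStateInactive
	GrantStateRemoved
)

func (s GrantState) String() string {
	switch s {
	case GrantStateActive:
		return "ACTIVE"
	case GrantStateInactive:
		return "INACTIVE"
	case GrantStateRemoved:
		return "REMOVED"
	default:
		return "UNSPECIFIED"
	}
}

// UserGrant ties a user to a set of roles on one project.
type UserGrant struct {
	ID        string
	UserID    string
	ProjectID string
	Roles     []string
	State     GrantState
}

// grantRepo is a constructed in-memory stand-in for the data access layer.
type grantRepo struct{ grants []UserGrant }

// GrantsForUser returns every stored grant for the user regardless of state.
// A repository this permissive pushes the state check onto every caller,
// which is the first failure pattern described above.
func (r *grantRepo) GrantsForUser(userID string) []UserGrant {
	var out []UserGrant
	for _, g := range r.grants {
		if g.UserID == userID {
			out = append(out, g)
		}
	}
	return out
}

// ActiveGrantsForUser applies the state filter at the data access layer so
// that no caller can forget it.
func (r *grantRepo) ActiveGrantsForUser(userID string) []UserGrant {
	var out []UserGrant
	for _, g := range r.GrantsForUser(userID) {
		if g.State == GrantStateActive {
			out = append(out, g)
		}
	}
	return out
}

// rolesByProject folds grants into a projectID -> sorted roles claim map.
func rolesByProject(grants []UserGrant) map[string][]string {
	claim := make(map[string][]string)
	for _, g := range grants {
		claim[g.ProjectID] = append(claim[g.ProjectID], g.Roles...)
	}
	for p := range claim {
		sort.Strings(claim[p])
	}
	return claim
}

// RolesClaimVulnerable builds the token's roles claim from whatever the
// repository returns, so deactivated and removed grants leak into the token.
func RolesClaimVulnerable(r *grantRepo, userID string) map[string][]string {
	return rolesByProject(r.GrantsForUser(userID))
}

// RolesClaimHardened checks state in the token service itself, independent
// of which repository query it was handed.
func RolesClaimHardened(r *grantRepo, userID string) map[string][]string {
	var active []UserGrant
	for _, g := range r.GrantsForUser(userID) {
		if g.State != GrantStateActive {
			continue // deactivated or removed grants never reach the token
		}
		active = append(active, g)
	}
	return rolesByProject(active)
}

// GrantStateReport is what an API handler should return for a grant: the
// stored state, never a value inferred from the grant merely existing.
func GrantStateReport(g UserGrant) string {
	return g.State.String()
}

// SampleRepo holds constructed data: one active, one deactivated and one
// removed grant, all belonging to the same user.
func SampleRepo() *grantRepo {
	return &grantRepo{grants: []UserGrant{
		{ID: "g1", UserID: "u1", ProjectID: "p1", Roles: []string{"admin"}, State: GrantStateActive},
		{ID: "g2", UserID: "u1", ProjectID: "p2", Roles: []string{"reader"}, State: GrantStateInactive},
		{ID: "g3", UserID: "u1", ProjectID: "p1", Roles: []string{"viewer"}, State: GrantStateRemoved},
	}}
}

func main() {
	repo := SampleRepo()
	fmt.Println("vulnerable claim:", RolesClaimVulnerable(repo, "u1"))
	fmt.Println("hardened claim:  ", RolesClaimHardened(repo, "u1"))
	for _, g := range repo.GrantsForUser("u1") {
		fmt.Println(g.ID, GrantStateReport(g))
	}
}
```

Running it prints the vulnerable claim carrying roles from all three grants and the hardened claim carrying only the active one. Two practical points follow from the model: the state check belongs in both the query and the token assembly, since either layer alone is one refactor away from being bypassed; and fixing the assembly path only affects newly minted tokens, so bearer tokens issued before a grant was deactivated keep their embedded roles until they expire or are validated against current state by introspection.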
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/zitadel/zitadel/v2 | go | >= 2.62.0, < 2.62.1 | 2.62.1 |
| github.com/zitadel/zitadel/v2 | go | >= 2.61.0, < 2.61.1 | 2.61.1 |
| github.com/zitadel/zitadel/v2 | go | >= 2.60.0, < 2.60.2 | 2.60.2 |
| github.com/zitadel/zitadel/v2 | go | >= 2.59.0, < 2.59.3 | 2.59.3 |
| github.com/zitadel/zitadel/v2 | go | >= 2.58.0, < 2.58.5 | 2.58.5 |
| github.com/zitadel/zitadel/v2 | go | >= 2.57.0, < 2.57.5 | 2.57.5 |
| github.com/zitadel/zitadel/v2 | go | >= 2.56.0, < 2.56.6 | 2.56.6 |
| github.com/zitadel/zitadel/v2 | go | >= 2.55.0, < 2.55.8 | 2.55.8 |
| github.com/zitadel/zitadel/v2 | go | < 2.54.10 | 2.54.10 |