CVE-2026-33132

Summary

Zitadel is missing enforcement of organization scopes in github.com/zitadel/zitadel

Severity

medium

EPSS

0.3% (p22)

Also known as

GHSA-g2pf-ww5m-2r9m, GO-2026-4751

Published

2026-03-23

References

• https://github.com/zitadel/zitadel/security/advisories/GHSA-g2pf-ww5m-2r9m
• https://nvd.nist.gov/vuln/detail/CVE-2026-33132
• https://github.com/zitadel/zitadel/commit/d90285929ca019fa817f31551fd0883429dda2a8

Related advisories

• CVE-2026-55672 — high · Go/github.com/zitadel/zitadel
• CVE-2026-44671 — high · Go/github.com/zitadel/zitadel
• CVE-2026-55669 — medium · Go/github.com/zitadel/zitadel
• GHSA-wxg7-w2v3-w38g — medium · Go/github.com/zitadel/zitadel
• CVE-2026-29191 — medium · Go/github.com/zitadel/zitadel
• CVE-2026-29192 — medium · Go/github.com/zitadel/zitadel
• CVE-2026-29193 — medium · Go/github.com/zitadel/zitadel
• CVE-2026-27840 — medium · Go/github.com/zitadel/zitadel

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Summarize with AI

ChatGPTClaudePerplexity