CVE-2026-44671— ZITADEL: LDAP Filter Injection in Login Flow

CVSS 7.5 · High EPSS 0.25% · P49 Updated May 16, 2026

Possible ATT&CK Techniques 3AI

T1078 · Valid Accounts T1110 · Brute Force T1556 · Modify Authentication Process

Affected Version Matrix 2

Vendor	Product	Version Range	Status
zitadel	zitadel	`>= 2.71.11, < 3.4.10`	affected
		`>= 4.0.0, < 4.15.0`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-44671

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

ZITADEL: LDAP Filter Injection in Login Flow

Source: NVD (National Vulnerability Database)

Vulnerability Description

ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to properly escape user-provided usernames before incorporating them into LDAP search filters. This allows unauthenticated attackers to perform LDAP Filter Injection during the login process. While this vulnerability does not allow for a full authentication bypass, an attacker can use LDAP metacharacters (such as *, (, )) to perform blind LDAP injection. By observing the different failure (or success) responses, an attacker can systematically enumerate valid usernames and extract sensitive attribute data from the connected LDAP directory. This vulnerability is fixed in 3.4.10 and 4.15.0.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

LDAP查询中使用的特殊元素转义处理不恰当(LDAP注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

ZITADEL 注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ZITADEL是瑞士ZITADEL开源的一个身份和访问管理平台。 ZITADEL 2.71.11版本至3.4.10之前版本和4.15.0之前版本存在注入漏洞，该漏洞源于LDAP身份提供程序实现未正确转义用户提供的用户名，可能导致LDAP过滤注入。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
zitadel	zitadel	>= 2.71.11, < 3.4.10	-

II. Public POCs for CVE-2026-44671

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

Qwen3.6-35B-A3B · 8047 chars

Paid plan includes:

In-depth vulnerability mechanism

Trigger conditions & impact

Full executable POC code

Exploit chain & mitigation

POC zip download

100+ AI POC generations per month

Upgrade Pro to unlock ¥99/month Sign up first

III. Intelligence Information for CVE-2026-44671

请登录查看更多情报信息。

https://github.com/zitadel/zitadel/releases/tag/v4.15.0x_refsource_MISC
https://github.com/zitadel/zitadel/releases/tag/v3.4.10x_refsource_MISC
https://github.com/zitadel/zitadel/security/advisories/GHSA-rxvx-hhpj-q6pxx_refsource_CONFIRM
https://nvd.nist.gov/vuln/detail/CVE-2026-44671

IV. Related Vulnerabilities

Same product: zitadel

Same vendor: zitadel

Same weakness: CWE-90

V. Comments for CVE-2026-44671

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-44671— ZITADEL: LDAP Filter Injection in Login Flow

Possible ATT&CK Techniques 3AI

Affected Version Matrix 2

I. Basic Information for CVE-2026-44671

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-44671

III. Intelligence Information for CVE-2026-44671

IV. Related Vulnerabilities

V. Comments for CVE-2026-44671

Leave a comment