GHSA-7wfc-4796-gmg5: ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login

Zitadel is vulnerable to an unauthenticated, full-read SSRF via its V2 Login UI, allowing attackers to exfiltrate data from internal services.

### Summary

Zitadel is vulnerable to an unauthenticated, full-read SSRF. An unauthenticated remote attacker can force Zitadel into making HTTP requests to arbitrary hosts, including internal addresses. The server then returns the upstream response to the attacker, enabling data exfiltration from internal services.

### Impact

ZITADEL Login UI (V2) was vulnerable to service URL manipulation through the x-zitadel-forward-host header. The service URL resolution logic treated the header as a trusted fallback for all deployments, including self-hosted instances. This allowed unauthe…
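To make the resolution flaw concrete, the following is an added example written for this page; it is not ZITADEL's code and is not taken from the advisory or the fix. It models the pattern the advisory describes: a login UI that derives the upstream API base URL from request headers and treats x-zitadel-forward-host as a trusted fallback. The function names, the `configuredApiUrl` setting and the `trustedForwardHosts` allow-list are assumptions chosen for illustration; only the header name comes from the advisory.

```typescript
// Added illustration, not ZITADEL's own code. Models the service-URL
// resolution pattern described in GHSA-7wfc-4796-gmg5. Function names,
// configuredApiUrl and trustedForwardHosts are assumptions.

type Headers = Record<string, string | undefined>;

const FORWARD_HOST_HEADER = "x-zitadel-forward-host";
// A bare hostname, optionally with a port. Schemes, paths, userinfo,
// whitespace or anything else are rejected before the value is used.
const HOST_RE = /^[a-z0-9]([a-z0-9.-]*[a-z0-9])?(:\d{1,5})?$/;

/** First comma-separated entry of a forwarded host value, trimmed and lower-cased. */
function normalizeHost(raw: string | undefined): string | undefined {
  if (raw === undefined) return undefined;
  const first = raw.split(",")[0].trim().toLowerCase();
  return HOST_RE.test(first) ? first : undefined;
}

/**
 * VULNERABLE: when no API URL is configured, the request header decides which
 * upstream the login UI talks to. The header is attacker-controlled, so an
 * unauthenticated client can point every server-side call at any host,
 * including link-local and RFC 1918 addresses, and read back the proxied
 * response (full-read SSRF).
 */
function resolveServiceUrlVulnerable(
  headers: Headers,
  configuredApiUrl?: string,
): string {
  if (configuredApiUrl) return configuredApiUrl;
  const host = normalizeHost(headers[FORWARD_HOST_HEADER]);
  if (host) return `https://${host}`;
  throw new Error("no upstream configured");
}

/**
 * HARDENED: the header is honoured only when the operator has explicitly
 * allow-listed forward hosts (the multi-tenant case). A deployment with an
 * empty allow-list, such as a typical self-hosted instance, never consults
 * the header, and an unknown host falls back to the configured URL instead
 * of the attacker's value.
 */
function resolveServiceUrlHardened(
  headers: Headers,
  configuredApiUrl: string | undefined,
  trustedForwardHosts: readonly string[],
): string {
  const host = normalizeHost(headers[FORWARD_HOST_HEADER]);
  if (host && trustedForwardHosts.includes(host)) return `https://${host}`;
  if (configuredApiUrl) return configuredApiUrl;
  throw new Error("no upstream configured and forward host not trusted");
}

// Constructed request: an unauthenticated client supplying the header.
const attackerHeaders: Headers = { [FORWARD_HOST_HEADER]: "169.254.169.254" };
console.log("vulnerable:", resolveServiceUrlVulnerable(attackerHeaders));
console.log(
  "hardened:",
  resolveServiceUrlHardened(attackerHeaders, "https://zitadel.internal.example", []),
);
```

The check a practitioner wants is the second branch: with no allow-list configured, the header must have no influence on where the server-side request goes, regardless of whether a configured API URL exists. Validating the header's syntax, as `normalizeHost` does, is not a fix on its own; a well-formed attacker hostname still passes it, which is why the hardened variant gates on an explicit allow-list rather than on format.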