Skip to main content

Ziti

1 CVEs product

Monthly

CVE-2026-58165 HIGH POC PATCH This Week

Privilege escalation in OpenZiti through 2.0.0 lets an authenticated non-admin identity that holds fine-grained enrollment-management permissions mint an enrollment for any identity - including the built-in default administrator - and then redeem the resulting one-time token via the unauthenticated client enrollment API to receive a client certificate that authenticates as that admin, granting full control of the controller and the entire zero-trust overlay. The root cause is a missing authorization check (CWE-862) in the enrollment creation path. Publicly available exploit details exist (reported by VulnCheck, GitHub issue #4010) and a vendor fix is available; no public exploit identified as actively used at time of analysis.

Authentication Bypass Privilege Escalation Ziti
NVD GitHub
CVSS 4.0
8.7
EPSS
0.2%
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

Privilege escalation in OpenZiti through 2.0.0 lets an authenticated non-admin identity that holds fine-grained enrollment-management permissions mint an enrollment for any identity - including the built-in default administrator - and then redeem the resulting one-time token via the unauthenticated client enrollment API to receive a client certificate that authenticates as that admin, granting full control of the controller and the entire zero-trust overlay. The root cause is a missing authorization check (CWE-862) in the enrollment creation path. Publicly available exploit details exist (reported by VulnCheck, GitHub issue #4010) and a vendor fix is available; no public exploit identified as actively used at time of analysis.

Authentication Bypass Privilege Escalation Ziti
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy