We take the security of ZITADEL very seriously. If you believe you have found a security vulnerability in ZITADEL, we encourage you to report it to us immediately.

Please do not report security-related findings publicly via GitHub issues. Public disclosure of a security vulnerability could put the ZITADEL community at risk. Instead, please use our official vulnerability disclosure process.

Vulnerabilities should be reported through our dedicated portal: zitadel.com/vulnerability

For more details on our vulnerability policy, including scope and expectations, please refer to our official policy document: ZITADEL Vulnerability Disclosure Policy

When in doubt, the authoritative and most up-to-date source for our security reporting information is always our security.txt file: zitadel.com/.well-known/security.txt

We appreciate your help in keeping ZITADEL and its community safe!