Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.keycloak/keycloak-services@26.3.0
Typemaven
Namespaceorg.keycloak
Namekeycloak-services
Version26.3.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-2dgp-xdrz-q7dv
vulnerability_id VCID-2dgp-xdrz-q7dv
summary 
Duplicate Advisory: Keycloak-services SMTP Inject Vulnerability
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references.

### Original Description
A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:15336
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:15336
1
reference_url https://access.redhat.com/errata/RHSA-2025:15337
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:15337
2
reference_url https://access.redhat.com/errata/RHSA-2025:15338
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:15338
3
reference_url https://access.redhat.com/errata/RHSA-2025:15339
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:15339
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2385776
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2385776
5
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
6
reference_url https://access.redhat.com/security/cve/CVE-2025-8419
reference_id CVE-2025-8419
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-8419
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-8419
reference_id CVE-2025-8419
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-8419
8
reference_url https://github.com/advisories/GHSA-qj5r-2r5p-phc7
reference_id GHSA-qj5r-2r5p-phc7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qj5r-2r5p-phc7
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.3
purl pkg:maven/org.keycloak/keycloak-services@26.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vwq-aqk5-nkh9
1
vulnerability VCID-7c1j-kcbb-v3f1
2
vulnerability VCID-gzz6-md9v-b3em
3
vulnerability VCID-m3uj-4mag-kbf2
4
vulnerability VCID-qgbq-s33g-d7af
5
vulnerability VCID-x4aw-v76q-vbdc
6
vulnerability VCID-xd7x-aevv-cfcp
7
vulnerability VCID-xfnw-15sz-zyfr
8
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3
aliases GHSA-qj5r-2r5p-phc7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2dgp-xdrz-q7dv
1
url VCID-5vwq-aqk5-nkh9
vulnerability_id VCID-5vwq-aqk5-nkh9
summary 
Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods
A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/
url https://access.redhat.com/errata/RHSA-2026:3947
1
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/
url https://access.redhat.com/errata/RHSA-2026:3948
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-1190
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/
url https://access.redhat.com/security/cve/CVE-2026-1190
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1190
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03614
published_at 2026-04-02T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.04608
published_at 2026-04-09T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04549
published_at 2026-04-18T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.0454
published_at 2026-04-16T12:55:00Z
4
value 0.00018
scoring_system epss
scoring_elements 0.04564
published_at 2026-04-13T12:55:00Z
5
value 0.00018
scoring_system epss
scoring_elements 0.0458
published_at 2026-04-12T12:55:00Z
6
value 0.00018
scoring_system epss
scoring_elements 0.04597
published_at 2026-04-11T12:55:00Z
7
value 0.00018
scoring_system epss
scoring_elements 0.04543
published_at 2026-04-04T12:55:00Z
8
value 0.00018
scoring_system epss
scoring_elements 0.04557
published_at 2026-04-07T12:55:00Z
9
value 0.00018
scoring_system epss
scoring_elements 0.04592
published_at 2026-04-08T12:55:00Z
10
value 0.00019
scoring_system epss
scoring_elements 0.05153
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1190
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2430835
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2430835
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/issues/45646
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/45646
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1190
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1190
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
13
reference_url https://github.com/advisories/GHSA-63v5-26vq-m4vm
reference_id GHSA-63v5-26vq-m4vm
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-63v5-26vq-m4vm
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.3
purl pkg:maven/org.keycloak/keycloak-services@26.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c1j-kcbb-v3f1
1
vulnerability VCID-gzz6-md9v-b3em
2
vulnerability VCID-m3uj-4mag-kbf2
3
vulnerability VCID-qgbq-s33g-d7af
4
vulnerability VCID-xd7x-aevv-cfcp
5
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.3
aliases CVE-2026-1190, GHSA-63v5-26vq-m4vm
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5vwq-aqk5-nkh9
2
url VCID-7c1j-kcbb-v3f1
vulnerability_id VCID-7c1j-kcbb-v3f1
summary 
Keycloak: Information disclosure of disabled user attributes via administrative endpoint
A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6477
1
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6478
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-3911
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/
url https://access.redhat.com/security/cve/CVE-2026-3911
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3911
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01414
published_at 2026-04-09T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01407
published_at 2026-04-11T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01402
published_at 2026-04-04T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01254
published_at 2026-04-02T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01408
published_at 2026-04-07T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.01413
published_at 2026-04-08T12:55:00Z
6
value 0.00012
scoring_system epss
scoring_elements 0.01857
published_at 2026-04-21T12:55:00Z
7
value 0.00012
scoring_system epss
scoring_elements 0.01788
published_at 2026-04-12T12:55:00Z
8
value 0.00012
scoring_system epss
scoring_elements 0.01786
published_at 2026-04-13T12:55:00Z
9
value 0.00012
scoring_system epss
scoring_elements 0.01775
published_at 2026-04-16T12:55:00Z
10
value 0.00012
scoring_system epss
scoring_elements 0.01773
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3911
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2446392
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2446392
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9
8
reference_url https://github.com/keycloak/keycloak/issues/46922
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46922
9
reference_url https://github.com/keycloak/keycloak/pull/46923
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/46923
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3911
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3911
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
12
reference_url https://github.com/advisories/GHSA-xh32-c9wx-phrp
reference_id GHSA-xh32-c9wx-phrp
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xh32-c9wx-phrp
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.6
purl pkg:maven/org.keycloak/keycloak-services@26.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5d9-k9vd-fyfe
1
vulnerability VCID-mdkf-3bgs-w7dm
2
vulnerability VCID-qgbq-s33g-d7af
3
vulnerability VCID-ugtk-3bjv-s3a4
4
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6
aliases CVE-2026-3911, GHSA-xh32-c9wx-phrp
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7c1j-kcbb-v3f1
3
url VCID-8vzz-naas-a7ab
vulnerability_id VCID-8vzz-naas-a7ab
summary 
Keycloak affected by improper invitation token validation
A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token (JWT) payload. This lack of cryptographic signature verification allows the attacker to successfully self-register into an unauthorized organization, leading to unauthorized access.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:2363
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T20:51:02Z/
url https://access.redhat.com/errata/RHSA-2026:2363
1
reference_url https://access.redhat.com/errata/RHSA-2026:2364
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T20:51:02Z/
url https://access.redhat.com/errata/RHSA-2026:2364
2
reference_url https://access.redhat.com/errata/RHSA-2026:2365
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T20:51:02Z/
url https://access.redhat.com/errata/RHSA-2026:2365
3
reference_url https://access.redhat.com/errata/RHSA-2026:2366
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T20:51:02Z/
url https://access.redhat.com/errata/RHSA-2026:2366
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1529.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1529.json
5
reference_url https://access.redhat.com/security/cve/CVE-2026-1529
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T20:51:02Z/
url https://access.redhat.com/security/cve/CVE-2026-1529
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1529
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01291
published_at 2026-04-08T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01295
published_at 2026-04-09T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01277
published_at 2026-04-11T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01271
published_at 2026-04-12T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01274
published_at 2026-04-13T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.01265
published_at 2026-04-16T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.01273
published_at 2026-04-02T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.01276
published_at 2026-04-04T12:55:00Z
8
value 0.00011
scoring_system epss
scoring_elements 0.01286
published_at 2026-04-07T12:55:00Z
9
value 0.00013
scoring_system epss
scoring_elements 0.01964
published_at 2026-04-21T12:55:00Z
10
value 0.00013
scoring_system epss
scoring_elements 0.01879
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1529
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2433783
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T20:51:02Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2433783
8
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
9
reference_url https://github.com/keycloak/keycloak/commit/82cd7941d1dd28fa14a67a6e6b912301f1a5e1a1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/82cd7941d1dd28fa14a67a6e6b912301f1a5e1a1
10
reference_url https://github.com/keycloak/keycloak/commit/8fc9a98026106a326f4faa98d4c9a48341ace2d7
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/8fc9a98026106a326f4faa98d4c9a48341ace2d7
11
reference_url https://github.com/keycloak/keycloak/commit/b2519756487b519f95c07aa8b10afe003e492119
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/b2519756487b519f95c07aa8b10afe003e492119
12
reference_url https://github.com/keycloak/keycloak/issues/46145
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46145
13
reference_url https://github.com/keycloak/keycloak/pull/46155
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/46155
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1529
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1529
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
17
reference_url https://github.com/advisories/GHSA-hcvw-475w-8g7p
reference_id GHSA-hcvw-475w-8g7p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hcvw-475w-8g7p
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.4.9
purl pkg:maven/org.keycloak/keycloak-services@26.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.9
1
url pkg:maven/org.keycloak/keycloak-services@26.5.3
purl pkg:maven/org.keycloak/keycloak-services@26.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c1j-kcbb-v3f1
1
vulnerability VCID-gzz6-md9v-b3em
2
vulnerability VCID-m3uj-4mag-kbf2
3
vulnerability VCID-qgbq-s33g-d7af
4
vulnerability VCID-xd7x-aevv-cfcp
5
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.3
aliases CVE-2026-1529, GHSA-hcvw-475w-8g7p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8vzz-naas-a7ab
4
url VCID-epcy-krft-z7d4
vulnerability_id VCID-epcy-krft-z7d4
summary 
Keycloak does not invalidate sessions when "Remember Me" is disabled
A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me" was active retain their extended session lifetime until they expire, overriding the administrator's recent security configuration change. This is a logic flaw in session management increases the potential window for successful session hijacking or unauthorized long-term access persistence. The flaw lies in the session expiration logic relying on the session-local "remember-me" flag without validating the current realm-level configuration.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:22088
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:31:09Z/
url https://access.redhat.com/errata/RHSA-2025:22088
1
reference_url https://access.redhat.com/errata/RHSA-2025:22089
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:31:09Z/
url https://access.redhat.com/errata/RHSA-2025:22089
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11429.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11429.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-11429
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.30097
published_at 2026-04-21T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.30273
published_at 2026-04-02T12:55:00Z
2
value 0.00115
scoring_system epss
scoring_elements 0.30322
published_at 2026-04-04T12:55:00Z
3
value 0.00115
scoring_system epss
scoring_elements 0.30137
published_at 2026-04-07T12:55:00Z
4
value 0.00115
scoring_system epss
scoring_elements 0.30197
published_at 2026-04-08T12:55:00Z
5
value 0.00115
scoring_system epss
scoring_elements 0.30232
published_at 2026-04-09T12:55:00Z
6
value 0.00115
scoring_system epss
scoring_elements 0.30235
published_at 2026-04-11T12:55:00Z
7
value 0.00115
scoring_system epss
scoring_elements 0.30192
published_at 2026-04-12T12:55:00Z
8
value 0.00115
scoring_system epss
scoring_elements 0.30145
published_at 2026-04-13T12:55:00Z
9
value 0.00115
scoring_system epss
scoring_elements 0.3016
published_at 2026-04-16T12:55:00Z
10
value 0.00115
scoring_system epss
scoring_elements 0.30141
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-11429
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2402148
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:31:09Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2402148
5
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
6
reference_url https://github.com/keycloak/keycloak/commit/a34094100716b7c69ae38eaed6678ab4344d0a1d
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:31:09Z/
url https://github.com/keycloak/keycloak/commit/a34094100716b7c69ae38eaed6678ab4344d0a1d
7
reference_url https://github.com/keycloak/keycloak/commit/a752492843e21c3ab06090616692e53001864158
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/a752492843e21c3ab06090616692e53001864158
8
reference_url https://github.com/keycloak/keycloak/commit/bda0e2a67c8cf41d1b3d9010e6dfcddaf79bf59b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:31:09Z/
url https://github.com/keycloak/keycloak/commit/bda0e2a67c8cf41d1b3d9010e6dfcddaf79bf59b
9
reference_url https://github.com/keycloak/keycloak/issues/43328
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:31:09Z/
url https://github.com/keycloak/keycloak/issues/43328
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
11
reference_url https://access.redhat.com/security/cve/CVE-2025-11429
reference_id CVE-2025-11429
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:31:09Z/
url https://access.redhat.com/security/cve/CVE-2025-11429
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-11429
reference_id CVE-2025-11429
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-11429
13
reference_url https://github.com/advisories/GHSA-64w3-5q9m-68xf
reference_id GHSA-64w3-5q9m-68xf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-64w3-5q9m-68xf
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.4.1
purl pkg:maven/org.keycloak/keycloak-services@26.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vwq-aqk5-nkh9
1
vulnerability VCID-7c1j-kcbb-v3f1
2
vulnerability VCID-gzz6-md9v-b3em
3
vulnerability VCID-m3uj-4mag-kbf2
4
vulnerability VCID-qgbq-s33g-d7af
5
vulnerability VCID-x4aw-v76q-vbdc
6
vulnerability VCID-xd7x-aevv-cfcp
7
vulnerability VCID-xfnw-15sz-zyfr
8
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.1
aliases CVE-2025-11429, GHSA-64w3-5q9m-68xf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-epcy-krft-z7d4
5
url VCID-gnxr-2t9g-4ye4
vulnerability_id VCID-gnxr-2t9g-4ye4
summary 
Keycloak SMTP Inject Vulnerability
Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:15336
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://access.redhat.com/errata/RHSA-2025:15336
1
reference_url https://access.redhat.com/errata/RHSA-2025:15337
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://access.redhat.com/errata/RHSA-2025:15337
2
reference_url https://access.redhat.com/errata/RHSA-2025:15338
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://access.redhat.com/errata/RHSA-2025:15338
3
reference_url https://access.redhat.com/errata/RHSA-2025:15339
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://access.redhat.com/errata/RHSA-2025:15339
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-8419
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05423
published_at 2026-04-07T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05458
published_at 2026-04-08T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05415
published_at 2026-04-04T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05384
published_at 2026-04-02T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05478
published_at 2026-04-09T12:55:00Z
5
value 0.00022
scoring_system epss
scoring_elements 0.06059
published_at 2026-04-21T12:55:00Z
6
value 0.00022
scoring_system epss
scoring_elements 0.0595
published_at 2026-04-11T12:55:00Z
7
value 0.00022
scoring_system epss
scoring_elements 0.05941
published_at 2026-04-12T12:55:00Z
8
value 0.00022
scoring_system epss
scoring_elements 0.05932
published_at 2026-04-13T12:55:00Z
9
value 0.00022
scoring_system epss
scoring_elements 0.05897
published_at 2026-04-16T12:55:00Z
10
value 0.00022
scoring_system epss
scoring_elements 0.05908
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-8419
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2385776
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2385776
7
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0
reference_id cpe:/a:redhat:build_keycloak:26.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
reference_id cpe:/a:redhat:build_keycloak:26.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2
reference_id cpe:/a:redhat:build_keycloak:26.2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
12
reference_url https://access.redhat.com/security/cve/CVE-2025-8419
reference_id CVE-2025-8419
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://access.redhat.com/security/cve/CVE-2025-8419
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-8419
reference_id CVE-2025-8419
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-8419
14
reference_url https://github.com/advisories/GHSA-m4j5-5x4r-2xp9
reference_id GHSA-m4j5-5x4r-2xp9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m4j5-5x4r-2xp9
15
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9
reference_id GHSA-m4j5-5x4r-2xp9
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.3
purl pkg:maven/org.keycloak/keycloak-services@26.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vwq-aqk5-nkh9
1
vulnerability VCID-7c1j-kcbb-v3f1
2
vulnerability VCID-gzz6-md9v-b3em
3
vulnerability VCID-m3uj-4mag-kbf2
4
vulnerability VCID-qgbq-s33g-d7af
5
vulnerability VCID-x4aw-v76q-vbdc
6
vulnerability VCID-xd7x-aevv-cfcp
7
vulnerability VCID-xfnw-15sz-zyfr
8
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3
aliases CVE-2025-8419, GHSA-m4j5-5x4r-2xp9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gnxr-2t9g-4ye4
6
url VCID-gzz6-md9v-b3em
vulnerability_id VCID-gzz6-md9v-b3em
summary 
Keycloak allows authentication using an Identity Provider (IdP) even after it has been disabled by an administrator
A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://access.redhat.com/errata/RHSA-2026:3947
1
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://access.redhat.com/errata/RHSA-2026:3948
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-3009
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://access.redhat.com/security/cve/CVE-2026-3009
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3009
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.07718
published_at 2026-04-04T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.07686
published_at 2026-04-02T12:55:00Z
2
value 0.00032
scoring_system epss
scoring_elements 0.09121
published_at 2026-04-11T12:55:00Z
3
value 0.00032
scoring_system epss
scoring_elements 0.0909
published_at 2026-04-12T12:55:00Z
4
value 0.00032
scoring_system epss
scoring_elements 0.09076
published_at 2026-04-13T12:55:00Z
5
value 0.00032
scoring_system epss
scoring_elements 0.08971
published_at 2026-04-16T12:55:00Z
6
value 0.00032
scoring_system epss
scoring_elements 0.09009
published_at 2026-04-07T12:55:00Z
7
value 0.00032
scoring_system epss
scoring_elements 0.0895
published_at 2026-04-18T12:55:00Z
8
value 0.00032
scoring_system epss
scoring_elements 0.09103
published_at 2026-04-21T12:55:00Z
9
value 0.00032
scoring_system epss
scoring_elements 0.0912
published_at 2026-04-09T12:55:00Z
10
value 0.00032
scoring_system epss
scoring_elements 0.09089
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3009
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441867
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2441867
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a
8
reference_url https://github.com/keycloak/keycloak/issues/46911
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46911
9
reference_url https://github.com/keycloak/keycloak/releases/tag/26.5.5
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.5.5
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3009
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3009
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
15
reference_url https://github.com/advisories/GHSA-m297-3jv9-m927
reference_id GHSA-m297-3jv9-m927
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m297-3jv9-m927
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.5
purl pkg:maven/org.keycloak/keycloak-services@26.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c1j-kcbb-v3f1
1
vulnerability VCID-c1zj-whnw-1qf6
2
vulnerability VCID-qgbq-s33g-d7af
3
vulnerability VCID-tc9b-zzjt-63c7
4
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5
aliases CVE-2026-3009, GHSA-m297-3jv9-m927
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gzz6-md9v-b3em
7
url VCID-jsvn-26y8-q3ey
vulnerability_id VCID-jsvn-26y8-q3ey
summary 
Keycloak Affected by Broken Access Control Vulnerability in the UserManagedPermissionService
A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService (UMA Protection API). When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller's ownership against the first resource in the policy's list. This allows a user (Owner A) who owns one resource (RA) to update a shared policy and modify authorization rules for other resources (e.g., RB) in that same policy, even if those other resources are owned by a different user (Owner B). This constitutes a horizontal privilege escalation.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:2363
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T19:51:45Z/
url https://access.redhat.com/errata/RHSA-2026:2363
1
reference_url https://access.redhat.com/errata/RHSA-2026:2364
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T19:51:45Z/
url https://access.redhat.com/errata/RHSA-2026:2364
2
reference_url https://access.redhat.com/errata/RHSA-2026:2365
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T19:51:45Z/
url https://access.redhat.com/errata/RHSA-2026:2365
3
reference_url https://access.redhat.com/errata/RHSA-2026:2366
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T19:51:45Z/
url https://access.redhat.com/errata/RHSA-2026:2366
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14778.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14778.json
5
reference_url https://access.redhat.com/security/cve/CVE-2025-14778
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T19:51:45Z/
url https://access.redhat.com/security/cve/CVE-2025-14778
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14778
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01158
published_at 2026-04-08T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01145
published_at 2026-04-04T12:55:00Z
2
value 0.0001
scoring_system epss
scoring_elements 0.01139
published_at 2026-04-12T12:55:00Z
3
value 0.0001
scoring_system epss
scoring_elements 0.0113
published_at 2026-04-16T12:55:00Z
4
value 0.0001
scoring_system epss
scoring_elements 0.01153
published_at 2026-04-07T12:55:00Z
5
value 0.0001
scoring_system epss
scoring_elements 0.0116
published_at 2026-04-09T12:55:00Z
6
value 0.0001
scoring_system epss
scoring_elements 0.01144
published_at 2026-04-11T12:55:00Z
7
value 0.0001
scoring_system epss
scoring_elements 0.0114
published_at 2026-04-13T12:55:00Z
8
value 0.00012
scoring_system epss
scoring_elements 0.01598
published_at 2026-04-18T12:55:00Z
9
value 0.00012
scoring_system epss
scoring_elements 0.01688
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14778
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2422600
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T19:51:45Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2422600
8
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
9
reference_url https://github.com/keycloak/keycloak/issues/46147
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46147
10
reference_url https://github.com/keycloak/keycloak/pull/46154
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/46154
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14778
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-14778
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
14
reference_url https://github.com/advisories/GHSA-fm6w-rrp3-2x4w
reference_id GHSA-fm6w-rrp3-2x4w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fm6w-rrp3-2x4w
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.4.9
purl pkg:maven/org.keycloak/keycloak-services@26.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.9
1
url pkg:maven/org.keycloak/keycloak-services@26.5.3
purl pkg:maven/org.keycloak/keycloak-services@26.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c1j-kcbb-v3f1
1
vulnerability VCID-gzz6-md9v-b3em
2
vulnerability VCID-m3uj-4mag-kbf2
3
vulnerability VCID-qgbq-s33g-d7af
4
vulnerability VCID-xd7x-aevv-cfcp
5
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.3
aliases CVE-2025-14778, GHSA-fm6w-rrp3-2x4w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jsvn-26y8-q3ey
8
url VCID-m3uj-4mag-kbf2
vulnerability_id VCID-m3uj-4mag-kbf2
summary 
Keycloak: Missing Check on Disabled Client for Docker Registry Protocol
A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously valid credentials can still be used to obtain authentication tokens. This weakens administrative controls and could allow unintended access to container registry resources.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/
url https://access.redhat.com/errata/RHSA-2026:3947
1
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/
url https://access.redhat.com/errata/RHSA-2026:3948
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-2733
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/
url https://access.redhat.com/security/cve/CVE-2026-2733
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2733
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.12763
published_at 2026-04-21T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.12873
published_at 2026-04-02T12:55:00Z
2
value 0.00042
scoring_system epss
scoring_elements 0.12924
published_at 2026-04-04T12:55:00Z
3
value 0.00042
scoring_system epss
scoring_elements 0.12727
published_at 2026-04-07T12:55:00Z
4
value 0.00042
scoring_system epss
scoring_elements 0.12807
published_at 2026-04-08T12:55:00Z
5
value 0.00042
scoring_system epss
scoring_elements 0.12857
published_at 2026-04-09T12:55:00Z
6
value 0.00042
scoring_system epss
scoring_elements 0.12823
published_at 2026-04-11T12:55:00Z
7
value 0.00042
scoring_system epss
scoring_elements 0.12787
published_at 2026-04-12T12:55:00Z
8
value 0.00042
scoring_system epss
scoring_elements 0.12741
published_at 2026-04-13T12:55:00Z
9
value 0.00042
scoring_system epss
scoring_elements 0.12643
published_at 2026-04-16T12:55:00Z
10
value 0.00042
scoring_system epss
scoring_elements 0.12651
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2733
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440895
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440895
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e
8
reference_url https://github.com/keycloak/keycloak/issues/46462
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46462
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2733
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2733
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
15
reference_url https://github.com/advisories/GHSA-fjf4-6f34-w64q
reference_id GHSA-fjf4-6f34-w64q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fjf4-6f34-w64q
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.4
purl pkg:maven/org.keycloak/keycloak-services@26.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c1j-kcbb-v3f1
1
vulnerability VCID-gzz6-md9v-b3em
2
vulnerability VCID-qgbq-s33g-d7af
3
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4
aliases CVE-2026-2733, GHSA-fjf4-6f34-w64q
risk_score 1.7
exploitability 0.5
weighted_severity 3.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m3uj-4mag-kbf2
9
url VCID-mku9-3bpp-aqbk
vulnerability_id VCID-mku9-3bpp-aqbk
summary 
Duplicate Advisory: Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-27gp-8389-hm4w. This link is maintained to preserve external references.

### Original Description
A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:12015
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:12015
1
reference_url https://access.redhat.com/errata/RHSA-2025:12016
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:12016
2
reference_url https://access.redhat.com/security/cve/CVE-2025-7784
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-7784
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2381861
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2381861
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://github.com/keycloak/keycloak/issues/41137
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/41137
6
reference_url https://github.com/keycloak/keycloak/pull/41168
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/41168
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-7784
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-7784
8
reference_url https://github.com/advisories/GHSA-83j7-mhw9-388w
reference_id GHSA-83j7-mhw9-388w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-83j7-mhw9-388w
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.2
purl pkg:maven/org.keycloak/keycloak-services@26.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5vwq-aqk5-nkh9
2
vulnerability VCID-7c1j-kcbb-v3f1
3
vulnerability VCID-gnxr-2t9g-4ye4
4
vulnerability VCID-gzz6-md9v-b3em
5
vulnerability VCID-m3uj-4mag-kbf2
6
vulnerability VCID-qgbq-s33g-d7af
7
vulnerability VCID-x4aw-v76q-vbdc
8
vulnerability VCID-xd7x-aevv-cfcp
9
vulnerability VCID-xfnw-15sz-zyfr
10
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.2
aliases GHSA-83j7-mhw9-388w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mku9-3bpp-aqbk
10
url VCID-qgbq-s33g-d7af
vulnerability_id VCID-qgbq-s33g-d7af
summary 
Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API
A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered MFA/OTP credential without first proving possession of that factor. The attacker can then register their own MFA device, effectively taking full control of the account. This weakness undermines the intended protection provided by multi-factor authentication.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6477
1
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6478
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-3429
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/
url https://access.redhat.com/security/cve/CVE-2026-3429
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3429
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.13935
published_at 2026-04-02T12:55:00Z
1
value 0.00053
scoring_system epss
scoring_elements 0.16588
published_at 2026-04-07T12:55:00Z
2
value 0.00053
scoring_system epss
scoring_elements 0.16673
published_at 2026-04-08T12:55:00Z
3
value 0.00053
scoring_system epss
scoring_elements 0.16727
published_at 2026-04-09T12:55:00Z
4
value 0.00053
scoring_system epss
scoring_elements 0.16706
published_at 2026-04-11T12:55:00Z
5
value 0.00054
scoring_system epss
scoring_elements 0.16989
published_at 2026-04-04T12:55:00Z
6
value 0.00061
scoring_system epss
scoring_elements 0.19015
published_at 2026-04-21T12:55:00Z
7
value 0.00061
scoring_system epss
scoring_elements 0.19091
published_at 2026-04-12T12:55:00Z
8
value 0.00061
scoring_system epss
scoring_elements 0.19038
published_at 2026-04-13T12:55:00Z
9
value 0.00061
scoring_system epss
scoring_elements 0.18994
published_at 2026-04-16T12:55:00Z
10
value 0.00061
scoring_system epss
scoring_elements 0.19006
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3429
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2443771
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2443771
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178
8
reference_url https://github.com/keycloak/keycloak/issues/47069
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47069
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3429
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3429
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
14
reference_url https://github.com/advisories/GHSA-8g9r-9wjw-37j4
reference_id GHSA-8g9r-9wjw-37j4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8g9r-9wjw-37j4
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cf37-8d6y-r3d5
1
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-3429, GHSA-8g9r-9wjw-37j4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qgbq-s33g-d7af
11
url VCID-tc9b-zzjt-63c7
vulnerability_id VCID-tc9b-zzjt-63c7
summary 
Keycloak: Unauthorized access via improper validation of encrypted SAML assertions
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3925
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/errata/RHSA-2026:3925
1
reference_url https://access.redhat.com/errata/RHSA-2026:3926
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/errata/RHSA-2026:3926
2
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/errata/RHSA-2026:3947
3
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/errata/RHSA-2026:3948
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2092.json
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2092.json
5
reference_url https://access.redhat.com/security/cve/CVE-2026-2092
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/security/cve/CVE-2026-2092
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2092
reference_id
reference_type
scores
0
value 0.00079
scoring_system epss
scoring_elements 0.23452
published_at 2026-04-09T12:55:00Z
1
value 0.00079
scoring_system epss
scoring_elements 0.23401
published_at 2026-04-08T12:55:00Z
2
value 0.00079
scoring_system epss
scoring_elements 0.23471
published_at 2026-04-11T12:55:00Z
3
value 0.00079
scoring_system epss
scoring_elements 0.23329
published_at 2026-04-07T12:55:00Z
4
value 0.00079
scoring_system epss
scoring_elements 0.23508
published_at 2026-04-02T12:55:00Z
5
value 0.00079
scoring_system epss
scoring_elements 0.23433
published_at 2026-04-12T12:55:00Z
6
value 0.00079
scoring_system epss
scoring_elements 0.23378
published_at 2026-04-13T12:55:00Z
7
value 0.00079
scoring_system epss
scoring_elements 0.23396
published_at 2026-04-16T12:55:00Z
8
value 0.00079
scoring_system epss
scoring_elements 0.2339
published_at 2026-04-18T12:55:00Z
9
value 0.00079
scoring_system epss
scoring_elements 0.23545
published_at 2026-04-04T12:55:00Z
10
value 0.00091
scoring_system epss
scoring_elements 0.25573
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2092
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2437296
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2437296
8
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
9
reference_url https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2092
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2092
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
13
reference_url https://github.com/advisories/GHSA-wmxr-6j5f-838p
reference_id GHSA-wmxr-6j5f-838p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wmxr-6j5f-838p
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.4.10
purl pkg:maven/org.keycloak/keycloak-services@26.4.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.10
1
url pkg:maven/org.keycloak/keycloak-services@26.5.5
purl pkg:maven/org.keycloak/keycloak-services@26.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c1j-kcbb-v3f1
1
vulnerability VCID-c1zj-whnw-1qf6
2
vulnerability VCID-qgbq-s33g-d7af
3
vulnerability VCID-tc9b-zzjt-63c7
4
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5
aliases CVE-2026-2092, GHSA-wmxr-6j5f-838p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tc9b-zzjt-63c7
12
url VCID-x4aw-v76q-vbdc
vulnerability_id VCID-x4aw-v76q-vbdc
summary 
Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass
A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:21370
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/errata/RHSA-2025:21370
1
reference_url https://access.redhat.com/errata/RHSA-2025:21371
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/errata/RHSA-2025:21371
2
reference_url https://access.redhat.com/errata/RHSA-2025:22088
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/errata/RHSA-2025:22088
3
reference_url https://access.redhat.com/errata/RHSA-2025:22089
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/errata/RHSA-2025:22089
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json
5
reference_url https://access.redhat.com/security/cve/CVE-2025-12150
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/security/cve/CVE-2025-12150
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-12150
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01613
published_at 2026-04-11T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01604
published_at 2026-04-12T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01627
published_at 2026-04-09T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.0162
published_at 2026-04-08T12:55:00Z
4
value 0.00012
scoring_system epss
scoring_elements 0.01619
published_at 2026-04-07T12:55:00Z
5
value 0.00012
scoring_system epss
scoring_elements 0.01591
published_at 2026-04-16T12:55:00Z
6
value 0.00012
scoring_system epss
scoring_elements 0.01605
published_at 2026-04-18T12:55:00Z
7
value 0.00012
scoring_system epss
scoring_elements 0.01695
published_at 2026-04-21T12:55:00Z
8
value 0.00012
scoring_system epss
scoring_elements 0.01603
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-12150
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2406192
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2406192
8
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
9
reference_url https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339
10
reference_url https://github.com/keycloak/keycloak/issues/35110
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/35110
11
reference_url https://github.com/keycloak/keycloak/issues/43723
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://github.com/keycloak/keycloak/issues/43723
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-12150
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-12150
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
15
reference_url https://github.com/advisories/GHSA-7g5x-9c4v-4w5r
reference_id GHSA-7g5x-9c4v-4w5r
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7g5x-9c4v-4w5r
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.4.4
purl pkg:maven/org.keycloak/keycloak-services@26.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vwq-aqk5-nkh9
1
vulnerability VCID-7c1j-kcbb-v3f1
2
vulnerability VCID-gzz6-md9v-b3em
3
vulnerability VCID-m3uj-4mag-kbf2
4
vulnerability VCID-qgbq-s33g-d7af
5
vulnerability VCID-xd7x-aevv-cfcp
6
vulnerability VCID-xfnw-15sz-zyfr
7
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.4
aliases CVE-2025-12150, GHSA-7g5x-9c4v-4w5r
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x4aw-v76q-vbdc
13
url VCID-xd7x-aevv-cfcp
vulnerability_id VCID-xd7x-aevv-cfcp
summary 
Keycloak: Denial of Service due to excessive SAMLRequest decompression
A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryError (OOM) and subsequent process termination. This vulnerability allows an attacker to disrupt the availability of the service.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/
url https://access.redhat.com/errata/RHSA-2026:3947
1
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/
url https://access.redhat.com/errata/RHSA-2026:3948
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-2575
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/
url https://access.redhat.com/security/cve/CVE-2026-2575
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2575
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.08543
published_at 2026-04-09T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.08537
published_at 2026-04-11T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.08393
published_at 2026-04-16T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.08523
published_at 2026-04-08T12:55:00Z
4
value 0.0003
scoring_system epss
scoring_elements 0.08449
published_at 2026-04-07T12:55:00Z
5
value 0.0003
scoring_system epss
scoring_elements 0.08531
published_at 2026-04-04T12:55:00Z
6
value 0.0003
scoring_system epss
scoring_elements 0.08517
published_at 2026-04-12T12:55:00Z
7
value 0.0003
scoring_system epss
scoring_elements 0.08475
published_at 2026-04-02T12:55:00Z
8
value 0.0003
scoring_system epss
scoring_elements 0.08376
published_at 2026-04-18T12:55:00Z
9
value 0.0003
scoring_system epss
scoring_elements 0.08501
published_at 2026-04-13T12:55:00Z
10
value 0.00043
scoring_system epss
scoring_elements 0.13136
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2575
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440149
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440149
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04
8
reference_url https://github.com/keycloak/keycloak/issues/46372
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46372
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2575
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2575
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
11
reference_url https://github.com/advisories/GHSA-xv6h-r36f-3gp5
reference_id GHSA-xv6h-r36f-3gp5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xv6h-r36f-3gp5
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.4
purl pkg:maven/org.keycloak/keycloak-services@26.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c1j-kcbb-v3f1
1
vulnerability VCID-gzz6-md9v-b3em
2
vulnerability VCID-qgbq-s33g-d7af
3
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4
aliases CVE-2026-2575, GHSA-xv6h-r36f-3gp5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xd7x-aevv-cfcp
14
url VCID-xfnw-15sz-zyfr
vulnerability_id VCID-xfnw-15sz-zyfr
summary 
Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions
A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/
url https://access.redhat.com/errata/RHSA-2026:6477
1
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/
url https://access.redhat.com/errata/RHSA-2026:6478
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14082
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01382
published_at 2026-04-02T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01613
published_at 2026-04-09T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01605
published_at 2026-04-07T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01607
published_at 2026-04-08T12:55:00Z
4
value 0.00012
scoring_system epss
scoring_elements 0.01604
published_at 2026-04-04T12:55:00Z
5
value 0.00013
scoring_system epss
scoring_elements 0.02187
published_at 2026-04-21T12:55:00Z
6
value 0.00013
scoring_system epss
scoring_elements 0.02131
published_at 2026-04-11T12:55:00Z
7
value 0.00013
scoring_system epss
scoring_elements 0.02116
published_at 2026-04-12T12:55:00Z
8
value 0.00013
scoring_system epss
scoring_elements 0.02111
published_at 2026-04-13T12:55:00Z
9
value 0.00013
scoring_system epss
scoring_elements 0.02087
published_at 2026-04-16T12:55:00Z
10
value 0.00013
scoring_system epss
scoring_elements 0.021
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14082
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2419078
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2419078
5
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
6
reference_url https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
8
reference_url https://access.redhat.com/security/cve/CVE-2025-14082
reference_id CVE-2025-14082
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/
url https://access.redhat.com/security/cve/CVE-2025-14082
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14082
reference_id CVE-2025-14082
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-14082
10
reference_url https://github.com/advisories/GHSA-6q37-7866-h27j
reference_id GHSA-6q37-7866-h27j
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6q37-7866-h27j
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.0
purl pkg:maven/org.keycloak/keycloak-services@26.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vwq-aqk5-nkh9
1
vulnerability VCID-7c1j-kcbb-v3f1
2
vulnerability VCID-8vzz-naas-a7ab
3
vulnerability VCID-a5d9-k9vd-fyfe
4
vulnerability VCID-baux-3v7g-tucw
5
vulnerability VCID-gzz6-md9v-b3em
6
vulnerability VCID-j5bq-q689-qbg3
7
vulnerability VCID-jsvn-26y8-q3ey
8
vulnerability VCID-khfk-1gas-vfan
9
vulnerability VCID-m3uj-4mag-kbf2
10
vulnerability VCID-qgbq-s33g-d7af
11
vulnerability VCID-tc9b-zzjt-63c7
12
vulnerability VCID-xd7x-aevv-cfcp
13
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.0
aliases CVE-2025-14082, GHSA-6q37-7866-h27j
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xfnw-15sz-zyfr
15
url VCID-y1h3-yyn9-53fr
vulnerability_id VCID-y1h3-yyn9-53fr
summary 
Keycloak: Unauthorized authentication via disabled SAML Identity Provider
A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3925
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3925
1
reference_url https://access.redhat.com/errata/RHSA-2026:3926
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3926
2
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3947
3
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3948
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json
5
reference_url https://access.redhat.com/security/cve/CVE-2026-2603
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/security/cve/CVE-2026-2603
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2603
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.3858
published_at 2026-04-04T12:55:00Z
1
value 0.00172
scoring_system epss
scoring_elements 0.38518
published_at 2026-04-11T12:55:00Z
2
value 0.00172
scoring_system epss
scoring_elements 0.38504
published_at 2026-04-09T12:55:00Z
3
value 0.00172
scoring_system epss
scoring_elements 0.38495
published_at 2026-04-08T12:55:00Z
4
value 0.00172
scoring_system epss
scoring_elements 0.38444
published_at 2026-04-07T12:55:00Z
5
value 0.00172
scoring_system epss
scoring_elements 0.38556
published_at 2026-04-02T12:55:00Z
6
value 0.00227
scoring_system epss
scoring_elements 0.4543
published_at 2026-04-13T12:55:00Z
7
value 0.00227
scoring_system epss
scoring_elements 0.45429
published_at 2026-04-12T12:55:00Z
8
value 0.00227
scoring_system epss
scoring_elements 0.45482
published_at 2026-04-16T12:55:00Z
9
value 0.00227
scoring_system epss
scoring_elements 0.45478
published_at 2026-04-18T12:55:00Z
10
value 0.00261
scoring_system epss
scoring_elements 0.4948
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2603
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440300
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440300
8
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
9
reference_url https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132
10
reference_url https://github.com/keycloak/keycloak/issues/46911
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46911
11
reference_url https://github.com/keycloak/keycloak/pull/46932
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/46932
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2603
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2603
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
15
reference_url https://github.com/advisories/GHSA-x4p7-7chp-64hq
reference_id GHSA-x4p7-7chp-64hq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x4p7-7chp-64hq
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.6.0
purl pkg:maven/org.keycloak/keycloak-services@26.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mdkf-3bgs-w7dm
1
vulnerability VCID-ugtk-3bjv-s3a4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.0
aliases CVE-2026-2603, GHSA-x4p7-7chp-64hq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y1h3-yyn9-53fr
Fixing_vulnerabilities
0
url VCID-5f8r-n4mm-y3g6
vulnerability_id VCID-5f8r-n4mm-y3g6
summary 
Keycloak phishing attack via email verification step in first login flow
There is a flaw with the first login flow where, during a IdP login, an attacker with a registered account can initiate the process to merge accounts with an existing victim's account. The attacker will subsequently be prompted to "review profile" information, which allows the the attacker to modify their email address to that of a victim's account. This triggers a verification email sent to the victim's email address. If the victim clicks the verification link, the attacker can gain access to the victim's account. While not a zero-interaction attack, the attacker's email address is not directly present in the verification email content, making it a potential phishing opportunity. 

This issue has been fixed in versions 26.0.13, 26.2.6, and 26.3.0.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:11986
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://access.redhat.com/errata/RHSA-2025:11986
1
reference_url https://access.redhat.com/errata/RHSA-2025:11987
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://access.redhat.com/errata/RHSA-2025:11987
2
reference_url https://access.redhat.com/errata/RHSA-2025:12015
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://access.redhat.com/errata/RHSA-2025:12015
3
reference_url https://access.redhat.com/errata/RHSA-2025:12016
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://access.redhat.com/errata/RHSA-2025:12016
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json
5
reference_url https://access.redhat.com/security/cve/CVE-2025-7365
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://access.redhat.com/security/cve/CVE-2025-7365
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-7365
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02484
published_at 2026-04-02T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02498
published_at 2026-04-04T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03399
published_at 2026-04-21T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03357
published_at 2026-04-07T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.03312
published_at 2026-04-12T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.03291
published_at 2026-04-13T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.03267
published_at 2026-04-16T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.03277
published_at 2026-04-18T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.03362
published_at 2026-04-08T12:55:00Z
9
value 0.00015
scoring_system epss
scoring_elements 0.03382
published_at 2026-04-09T12:55:00Z
10
value 0.00015
scoring_system epss
scoring_elements 0.03341
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-7365
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2378852
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2378852
8
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
9
reference_url https://github.com/keycloak/keycloak/issues/40446
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/40446
10
reference_url https://github.com/keycloak/keycloak/pull/40520
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/40520
11
reference_url https://github.com/keycloak/keycloak/releases/tag/26.0.13
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.0.13
12
reference_url https://github.com/keycloak/keycloak/releases/tag/26.2.6
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.2.6
13
reference_url https://github.com/keycloak/keycloak/releases/tag/26.3.0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.3.0
14
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-7365
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-7365
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
reference_id cpe:/a:redhat:build_keycloak:26.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
18
reference_url https://github.com/advisories/GHSA-xhpr-465j-7p9q
reference_id GHSA-xhpr-465j-7p9q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xhpr-465j-7p9q
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.0.13
purl pkg:maven/org.keycloak/keycloak-services@26.0.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.13
1
url pkg:maven/org.keycloak/keycloak-services@26.1.0
purl pkg:maven/org.keycloak/keycloak-services@26.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5vwq-aqk5-nkh9
2
vulnerability VCID-7c1j-kcbb-v3f1
3
vulnerability VCID-bhrr-nn9f-7udu
4
vulnerability VCID-by72-dvnw-m3gu
5
vulnerability VCID-cdsa-wmby-ebbq
6
vulnerability VCID-d2rd-6u56-yfd8
7
vulnerability VCID-e4ub-v4ef-affb
8
vulnerability VCID-edwz-rqc3-fqa2
9
vulnerability VCID-gnxr-2t9g-4ye4
10
vulnerability VCID-gzz6-md9v-b3em
11
vulnerability VCID-m3uj-4mag-kbf2
12
vulnerability VCID-mku9-3bpp-aqbk
13
vulnerability VCID-nxhc-rp71-hbdk
14
vulnerability VCID-qgbq-s33g-d7af
15
vulnerability VCID-uuf2-u7xh-uuef
16
vulnerability VCID-ver5-9t6m-c3ef
17
vulnerability VCID-w5f1-xryr-fucq
18
vulnerability VCID-x4aw-v76q-vbdc
19
vulnerability VCID-xd7x-aevv-cfcp
20
vulnerability VCID-xfnw-15sz-zyfr
21
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.0
2
url pkg:maven/org.keycloak/keycloak-services@26.2.6
purl pkg:maven/org.keycloak/keycloak-services@26.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.6
3
url pkg:maven/org.keycloak/keycloak-services@26.3.0
purl pkg:maven/org.keycloak/keycloak-services@26.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5vwq-aqk5-nkh9
2
vulnerability VCID-7c1j-kcbb-v3f1
3
vulnerability VCID-8vzz-naas-a7ab
4
vulnerability VCID-epcy-krft-z7d4
5
vulnerability VCID-gnxr-2t9g-4ye4
6
vulnerability VCID-gzz6-md9v-b3em
7
vulnerability VCID-jsvn-26y8-q3ey
8
vulnerability VCID-m3uj-4mag-kbf2
9
vulnerability VCID-mku9-3bpp-aqbk
10
vulnerability VCID-qgbq-s33g-d7af
11
vulnerability VCID-tc9b-zzjt-63c7
12
vulnerability VCID-x4aw-v76q-vbdc
13
vulnerability VCID-xd7x-aevv-cfcp
14
vulnerability VCID-xfnw-15sz-zyfr
15
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0
aliases CVE-2025-7365, GHSA-xhpr-465j-7p9q
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5f8r-n4mm-y3g6
1
url VCID-9f1k-z7z2-d7cc
vulnerability_id VCID-9f1k-z7z2-d7cc
summary 
Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)
A Privilege Escalation vulnerability was identified in the Keycloak identity and access management solution, specifically when FGAPv2 is enabled in version 26.2.x. The flaw lies in the admin permission enforcement logic, where a user with manage-users privileges can self-assign realm-admin rights. The escalation occurs due to missing privilege boundary checks in role mapping operations via the admin REST interface. A malicious administrator with limited permissions can exploit this by editing their own user roles, gaining unauthorized full access to realm configuration and user data.

This issue has been fixed in versions 26.2.6, and 26.3.0.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:12015
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-18T14:46:09Z/
url https://access.redhat.com/errata/RHSA-2025:12015
1
reference_url https://access.redhat.com/errata/RHSA-2025:12016
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-18T14:46:09Z/
url https://access.redhat.com/errata/RHSA-2025:12016
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7784.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7784.json
3
reference_url https://access.redhat.com/security/cve/CVE-2025-7784
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-18T14:46:09Z/
url https://access.redhat.com/security/cve/CVE-2025-7784
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-7784
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.0315
published_at 2026-04-02T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05442
published_at 2026-04-04T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05449
published_at 2026-04-07T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05484
published_at 2026-04-08T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05505
published_at 2026-04-09T12:55:00Z
5
value 0.0002
scoring_system epss
scoring_elements 0.05479
published_at 2026-04-11T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.05465
published_at 2026-04-12T12:55:00Z
7
value 0.00021
scoring_system epss
scoring_elements 0.0573
published_at 2026-04-21T12:55:00Z
8
value 0.00021
scoring_system epss
scoring_elements 0.05609
published_at 2026-04-13T12:55:00Z
9
value 0.00021
scoring_system epss
scoring_elements 0.05559
published_at 2026-04-16T12:55:00Z
10
value 0.00021
scoring_system epss
scoring_elements 0.05572
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-7784
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2381861
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-18T14:46:09Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2381861
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/issues/41137
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/41137
8
reference_url https://github.com/keycloak/keycloak/pull/41168
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/41168
9
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-27gp-8389-hm4w
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-27gp-8389-hm4w
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-7784
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-7784
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
15
reference_url https://github.com/advisories/GHSA-27gp-8389-hm4w
reference_id GHSA-27gp-8389-hm4w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-27gp-8389-hm4w
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.6
purl pkg:maven/org.keycloak/keycloak-services@26.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.6
1
url pkg:maven/org.keycloak/keycloak-services@26.3.0
purl pkg:maven/org.keycloak/keycloak-services@26.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5vwq-aqk5-nkh9
2
vulnerability VCID-7c1j-kcbb-v3f1
3
vulnerability VCID-8vzz-naas-a7ab
4
vulnerability VCID-epcy-krft-z7d4
5
vulnerability VCID-gnxr-2t9g-4ye4
6
vulnerability VCID-gzz6-md9v-b3em
7
vulnerability VCID-jsvn-26y8-q3ey
8
vulnerability VCID-m3uj-4mag-kbf2
9
vulnerability VCID-mku9-3bpp-aqbk
10
vulnerability VCID-qgbq-s33g-d7af
11
vulnerability VCID-tc9b-zzjt-63c7
12
vulnerability VCID-x4aw-v76q-vbdc
13
vulnerability VCID-xd7x-aevv-cfcp
14
vulnerability VCID-xfnw-15sz-zyfr
15
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0
aliases CVE-2025-7784, GHSA-27gp-8389-hm4w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9f1k-z7z2-d7cc
2
url VCID-nxhc-rp71-hbdk
vulnerability_id VCID-nxhc-rp71-hbdk
summary 
Duplicate Advisory: Keycloak phishing attack via email verification step in first login flow
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-xhpr-465j-7p9q. This link is maintained to preserve external references.

### Original Description
A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim's account.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:11986
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:11986
1
reference_url https://access.redhat.com/errata/RHSA-2025:11987
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:11987
2
reference_url https://access.redhat.com/errata/RHSA-2025:12015
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:12015
3
reference_url https://access.redhat.com/errata/RHSA-2025:12016
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:12016
4
reference_url https://access.redhat.com/security/cve/CVE-2025-7365
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-7365
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2378852
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2378852
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/issues/40446
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/40446
8
reference_url https://github.com/keycloak/keycloak/pull/40520
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/40520
9
reference_url https://github.com/keycloak/keycloak/releases/tag/26.3.0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.3.0
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-7365
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-7365
11
reference_url https://github.com/advisories/GHSA-gj52-35xm-gxjh
reference_id GHSA-gj52-35xm-gxjh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gj52-35xm-gxjh
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.0
purl pkg:maven/org.keycloak/keycloak-services@26.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5vwq-aqk5-nkh9
2
vulnerability VCID-7c1j-kcbb-v3f1
3
vulnerability VCID-8vzz-naas-a7ab
4
vulnerability VCID-epcy-krft-z7d4
5
vulnerability VCID-gnxr-2t9g-4ye4
6
vulnerability VCID-gzz6-md9v-b3em
7
vulnerability VCID-jsvn-26y8-q3ey
8
vulnerability VCID-m3uj-4mag-kbf2
9
vulnerability VCID-mku9-3bpp-aqbk
10
vulnerability VCID-qgbq-s33g-d7af
11
vulnerability VCID-tc9b-zzjt-63c7
12
vulnerability VCID-x4aw-v76q-vbdc
13
vulnerability VCID-xd7x-aevv-cfcp
14
vulnerability VCID-xfnw-15sz-zyfr
15
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0
aliases GHSA-gj52-35xm-gxjh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nxhc-rp71-hbdk
3
url VCID-ver5-9t6m-c3ef
vulnerability_id VCID-ver5-9t6m-c3ef
summary 
Keycloak Admin REST API exposes backend schema and rules
A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/
url https://access.redhat.com/errata/RHSA-2026:6477
1
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/
url https://access.redhat.com/errata/RHSA-2026:6478
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json
3
reference_url https://access.redhat.com/security/cve/CVE-2025-14083
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/
url https://access.redhat.com/security/cve/CVE-2025-14083
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14083
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01682
published_at 2026-04-21T12:55:00Z
1
value 0.00035
scoring_system epss
scoring_elements 0.10165
published_at 2026-04-02T12:55:00Z
2
value 0.00037
scoring_system epss
scoring_elements 0.10894
published_at 2026-04-08T12:55:00Z
3
value 0.00037
scoring_system epss
scoring_elements 0.10994
published_at 2026-04-04T12:55:00Z
4
value 0.00037
scoring_system epss
scoring_elements 0.10819
published_at 2026-04-07T12:55:00Z
5
value 0.00037
scoring_system epss
scoring_elements 0.10947
published_at 2026-04-09T12:55:00Z
6
value 0.00037
scoring_system epss
scoring_elements 0.1077
published_at 2026-04-18T12:55:00Z
7
value 0.00037
scoring_system epss
scoring_elements 0.10758
published_at 2026-04-16T12:55:00Z
8
value 0.00037
scoring_system epss
scoring_elements 0.10893
published_at 2026-04-13T12:55:00Z
9
value 0.00037
scoring_system epss
scoring_elements 0.10915
published_at 2026-04-12T12:55:00Z
10
value 0.00037
scoring_system epss
scoring_elements 0.10948
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14083
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2419086
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2419086
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/issues/45493
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/45493
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14083
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-14083
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
10
reference_url https://github.com/advisories/GHSA-594w-2fwp-jwrc
reference_id GHSA-594w-2fwp-jwrc
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-594w-2fwp-jwrc
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.0
purl pkg:maven/org.keycloak/keycloak-services@26.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5vwq-aqk5-nkh9
2
vulnerability VCID-7c1j-kcbb-v3f1
3
vulnerability VCID-8vzz-naas-a7ab
4
vulnerability VCID-epcy-krft-z7d4
5
vulnerability VCID-gnxr-2t9g-4ye4
6
vulnerability VCID-gzz6-md9v-b3em
7
vulnerability VCID-jsvn-26y8-q3ey
8
vulnerability VCID-m3uj-4mag-kbf2
9
vulnerability VCID-mku9-3bpp-aqbk
10
vulnerability VCID-qgbq-s33g-d7af
11
vulnerability VCID-tc9b-zzjt-63c7
12
vulnerability VCID-x4aw-v76q-vbdc
13
vulnerability VCID-xd7x-aevv-cfcp
14
vulnerability VCID-xfnw-15sz-zyfr
15
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0
aliases CVE-2025-14083, GHSA-594w-2fwp-jwrc
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ver5-9t6m-c3ef
4
url VCID-w5f1-xryr-fucq
vulnerability_id VCID-w5f1-xryr-fucq
summary 
Keycloak does not validate and update refresh token usage atomically
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. This allows concurrent refresh requests to bypass single-use enforcement and issue multiple access tokens from the same refresh token. As a result, Keycloak’s refresh token rotation hardening can be undermined.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/
url https://access.redhat.com/errata/RHSA-2026:6477
1
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/
url https://access.redhat.com/errata/RHSA-2026:6478
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-1035
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/
url https://access.redhat.com/security/cve/CVE-2026-1035
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1035
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01295
published_at 2026-04-21T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01204
published_at 2026-04-02T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01219
published_at 2026-04-04T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01228
published_at 2026-04-07T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01234
published_at 2026-04-08T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.01237
published_at 2026-04-09T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.0122
published_at 2026-04-11T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.01214
published_at 2026-04-12T12:55:00Z
8
value 0.00011
scoring_system epss
scoring_elements 0.01216
published_at 2026-04-13T12:55:00Z
9
value 0.00011
scoring_system epss
scoring_elements 0.01209
published_at 2026-04-16T12:55:00Z
10
value 0.00011
scoring_system epss
scoring_elements 0.01222
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1035
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2430314
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2430314
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/issues/45647
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/45647
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1035
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1035
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
13
reference_url https://github.com/advisories/GHSA-m2w5-7xhv-w6fh
reference_id GHSA-m2w5-7xhv-w6fh
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m2w5-7xhv-w6fh
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.0
purl pkg:maven/org.keycloak/keycloak-services@26.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5vwq-aqk5-nkh9
2
vulnerability VCID-7c1j-kcbb-v3f1
3
vulnerability VCID-8vzz-naas-a7ab
4
vulnerability VCID-epcy-krft-z7d4
5
vulnerability VCID-gnxr-2t9g-4ye4
6
vulnerability VCID-gzz6-md9v-b3em
7
vulnerability VCID-jsvn-26y8-q3ey
8
vulnerability VCID-m3uj-4mag-kbf2
9
vulnerability VCID-mku9-3bpp-aqbk
10
vulnerability VCID-qgbq-s33g-d7af
11
vulnerability VCID-tc9b-zzjt-63c7
12
vulnerability VCID-x4aw-v76q-vbdc
13
vulnerability VCID-xd7x-aevv-cfcp
14
vulnerability VCID-xfnw-15sz-zyfr
15
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0
aliases CVE-2026-1035, GHSA-m2w5-7xhv-w6fh
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w5f1-xryr-fucq
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0