Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.keycloak/keycloak-services@26.4.1
Typemaven
Namespaceorg.keycloak
Namekeycloak-services
Version26.4.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version26.6.1
Latest_non_vulnerable_version26.6.1
Affected_by_vulnerabilities
0
url VCID-5vwq-aqk5-nkh9
vulnerability_id VCID-5vwq-aqk5-nkh9
summary 
Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods
A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/
url https://access.redhat.com/errata/RHSA-2026:3947
1
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/
url https://access.redhat.com/errata/RHSA-2026:3948
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-1190
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/
url https://access.redhat.com/security/cve/CVE-2026-1190
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1190
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03614
published_at 2026-04-02T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.04597
published_at 2026-04-11T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04608
published_at 2026-04-09T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.04592
published_at 2026-04-08T12:55:00Z
4
value 0.00018
scoring_system epss
scoring_elements 0.04564
published_at 2026-04-13T12:55:00Z
5
value 0.00018
scoring_system epss
scoring_elements 0.04557
published_at 2026-04-07T12:55:00Z
6
value 0.00018
scoring_system epss
scoring_elements 0.0454
published_at 2026-04-16T12:55:00Z
7
value 0.00018
scoring_system epss
scoring_elements 0.04549
published_at 2026-04-18T12:55:00Z
8
value 0.00018
scoring_system epss
scoring_elements 0.0458
published_at 2026-04-12T12:55:00Z
9
value 0.00018
scoring_system epss
scoring_elements 0.04543
published_at 2026-04-04T12:55:00Z
10
value 0.00019
scoring_system epss
scoring_elements 0.05221
published_at 2026-04-26T12:55:00Z
11
value 0.00019
scoring_system epss
scoring_elements 0.05153
published_at 2026-04-21T12:55:00Z
12
value 0.00019
scoring_system epss
scoring_elements 0.0518
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1190
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2430835
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2430835
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/issues/45646
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/45646
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1190
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1190
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
13
reference_url https://github.com/advisories/GHSA-63v5-26vq-m4vm
reference_id GHSA-63v5-26vq-m4vm
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-63v5-26vq-m4vm
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.3
purl pkg:maven/org.keycloak/keycloak-services@26.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c1j-kcbb-v3f1
1
vulnerability VCID-gzz6-md9v-b3em
2
vulnerability VCID-m3uj-4mag-kbf2
3
vulnerability VCID-mdkf-3bgs-w7dm
4
vulnerability VCID-qgbq-s33g-d7af
5
vulnerability VCID-szbr-v2vq-3kbn
6
vulnerability VCID-ugtk-3bjv-s3a4
7
vulnerability VCID-v77w-st1u-pfe6
8
vulnerability VCID-xd7x-aevv-cfcp
9
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.3
aliases CVE-2026-1190, GHSA-63v5-26vq-m4vm
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5vwq-aqk5-nkh9
1
url VCID-7c1j-kcbb-v3f1
vulnerability_id VCID-7c1j-kcbb-v3f1
summary 
Keycloak: Information disclosure of disabled user attributes via administrative endpoint
A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6477
1
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6478
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-3911
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/
url https://access.redhat.com/security/cve/CVE-2026-3911
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3911
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01414
published_at 2026-04-09T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01407
published_at 2026-04-11T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01402
published_at 2026-04-04T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01254
published_at 2026-04-02T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01408
published_at 2026-04-07T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.01413
published_at 2026-04-08T12:55:00Z
6
value 0.00012
scoring_system epss
scoring_elements 0.01842
published_at 2026-04-26T12:55:00Z
7
value 0.00012
scoring_system epss
scoring_elements 0.01788
published_at 2026-04-12T12:55:00Z
8
value 0.00012
scoring_system epss
scoring_elements 0.01786
published_at 2026-04-13T12:55:00Z
9
value 0.00012
scoring_system epss
scoring_elements 0.01775
published_at 2026-04-16T12:55:00Z
10
value 0.00012
scoring_system epss
scoring_elements 0.01773
published_at 2026-04-18T12:55:00Z
11
value 0.00012
scoring_system epss
scoring_elements 0.01857
published_at 2026-04-21T12:55:00Z
12
value 0.00012
scoring_system epss
scoring_elements 0.01846
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3911
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2446392
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2446392
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9
8
reference_url https://github.com/keycloak/keycloak/issues/46922
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46922
9
reference_url https://github.com/keycloak/keycloak/pull/46923
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/46923
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3911
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3911
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
12
reference_url https://github.com/advisories/GHSA-xh32-c9wx-phrp
reference_id GHSA-xh32-c9wx-phrp
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xh32-c9wx-phrp
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.6
purl pkg:maven/org.keycloak/keycloak-services@26.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5d9-k9vd-fyfe
1
vulnerability VCID-mdkf-3bgs-w7dm
2
vulnerability VCID-qgbq-s33g-d7af
3
vulnerability VCID-ugtk-3bjv-s3a4
4
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6
aliases CVE-2026-3911, GHSA-xh32-c9wx-phrp
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7c1j-kcbb-v3f1
2
url VCID-gzz6-md9v-b3em
vulnerability_id VCID-gzz6-md9v-b3em
summary 
Keycloak allows authentication using an Identity Provider (IdP) even after it has been disabled by an administrator
A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://access.redhat.com/errata/RHSA-2026:3947
1
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://access.redhat.com/errata/RHSA-2026:3948
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-3009
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://access.redhat.com/security/cve/CVE-2026-3009
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3009
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.07718
published_at 2026-04-04T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.07686
published_at 2026-04-02T12:55:00Z
2
value 0.00032
scoring_system epss
scoring_elements 0.09145
published_at 2026-04-24T12:55:00Z
3
value 0.00032
scoring_system epss
scoring_elements 0.09009
published_at 2026-04-07T12:55:00Z
4
value 0.00032
scoring_system epss
scoring_elements 0.09089
published_at 2026-04-08T12:55:00Z
5
value 0.00032
scoring_system epss
scoring_elements 0.0912
published_at 2026-04-09T12:55:00Z
6
value 0.00032
scoring_system epss
scoring_elements 0.09121
published_at 2026-04-11T12:55:00Z
7
value 0.00032
scoring_system epss
scoring_elements 0.0909
published_at 2026-04-26T12:55:00Z
8
value 0.00032
scoring_system epss
scoring_elements 0.09076
published_at 2026-04-13T12:55:00Z
9
value 0.00032
scoring_system epss
scoring_elements 0.08971
published_at 2026-04-16T12:55:00Z
10
value 0.00032
scoring_system epss
scoring_elements 0.0895
published_at 2026-04-18T12:55:00Z
11
value 0.00032
scoring_system epss
scoring_elements 0.09103
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3009
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441867
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2441867
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a
8
reference_url https://github.com/keycloak/keycloak/issues/46911
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46911
9
reference_url https://github.com/keycloak/keycloak/releases/tag/26.5.5
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.5.5
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3009
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3009
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
15
reference_url https://github.com/advisories/GHSA-m297-3jv9-m927
reference_id GHSA-m297-3jv9-m927
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m297-3jv9-m927
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.5
purl pkg:maven/org.keycloak/keycloak-services@26.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c1j-kcbb-v3f1
1
vulnerability VCID-c1zj-whnw-1qf6
2
vulnerability VCID-mdkf-3bgs-w7dm
3
vulnerability VCID-qgbq-s33g-d7af
4
vulnerability VCID-szbr-v2vq-3kbn
5
vulnerability VCID-tc9b-zzjt-63c7
6
vulnerability VCID-ugtk-3bjv-s3a4
7
vulnerability VCID-v77w-st1u-pfe6
8
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5
aliases CVE-2026-3009, GHSA-m297-3jv9-m927
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gzz6-md9v-b3em
3
url VCID-m3uj-4mag-kbf2
vulnerability_id VCID-m3uj-4mag-kbf2
summary 
Keycloak: Missing Check on Disabled Client for Docker Registry Protocol
A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously valid credentials can still be used to obtain authentication tokens. This weakens administrative controls and could allow unintended access to container registry resources.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/
url https://access.redhat.com/errata/RHSA-2026:3947
1
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/
url https://access.redhat.com/errata/RHSA-2026:3948
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-2733
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/
url https://access.redhat.com/security/cve/CVE-2026-2733
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2733
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.12857
published_at 2026-04-09T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.12743
published_at 2026-04-26T12:55:00Z
2
value 0.00042
scoring_system epss
scoring_elements 0.12781
published_at 2026-04-24T12:55:00Z
3
value 0.00042
scoring_system epss
scoring_elements 0.12763
published_at 2026-04-21T12:55:00Z
4
value 0.00042
scoring_system epss
scoring_elements 0.12651
published_at 2026-04-18T12:55:00Z
5
value 0.00042
scoring_system epss
scoring_elements 0.12643
published_at 2026-04-16T12:55:00Z
6
value 0.00042
scoring_system epss
scoring_elements 0.12741
published_at 2026-04-13T12:55:00Z
7
value 0.00042
scoring_system epss
scoring_elements 0.12787
published_at 2026-04-12T12:55:00Z
8
value 0.00042
scoring_system epss
scoring_elements 0.12823
published_at 2026-04-11T12:55:00Z
9
value 0.00042
scoring_system epss
scoring_elements 0.12873
published_at 2026-04-02T12:55:00Z
10
value 0.00042
scoring_system epss
scoring_elements 0.12924
published_at 2026-04-04T12:55:00Z
11
value 0.00042
scoring_system epss
scoring_elements 0.12727
published_at 2026-04-07T12:55:00Z
12
value 0.00042
scoring_system epss
scoring_elements 0.12807
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2733
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440895
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440895
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e
8
reference_url https://github.com/keycloak/keycloak/issues/46462
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46462
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2733
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2733
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
15
reference_url https://github.com/advisories/GHSA-fjf4-6f34-w64q
reference_id GHSA-fjf4-6f34-w64q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fjf4-6f34-w64q
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.4
purl pkg:maven/org.keycloak/keycloak-services@26.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c1j-kcbb-v3f1
1
vulnerability VCID-gzz6-md9v-b3em
2
vulnerability VCID-mdkf-3bgs-w7dm
3
vulnerability VCID-qgbq-s33g-d7af
4
vulnerability VCID-szbr-v2vq-3kbn
5
vulnerability VCID-ugtk-3bjv-s3a4
6
vulnerability VCID-v77w-st1u-pfe6
7
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4
aliases CVE-2026-2733, GHSA-fjf4-6f34-w64q
risk_score 1.7
exploitability 0.5
weighted_severity 3.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m3uj-4mag-kbf2
4
url VCID-mdkf-3bgs-w7dm
vulnerability_id VCID-mdkf-3bgs-w7dm
summary 
Keycloak Server-Side Request Forgery via OIDC token endpoint manipulation
A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This occurs when a Keycloak client is configured to use the `backchannel.logout.url` with the `application.session.host` placeholder. Successful exploitation allows the attacker to make HTTP requests from the Keycloak server’s network context, potentially probing internal networks or internal APIs, leading to information disclosure.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4874.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4874.json
1
reference_url https://access.redhat.com/security/cve/CVE-2026-4874
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/
url https://access.redhat.com/security/cve/CVE-2026-4874
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4874
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.06535
published_at 2026-04-12T12:55:00Z
1
value 0.00024
scoring_system epss
scoring_elements 0.06645
published_at 2026-04-26T12:55:00Z
2
value 0.00024
scoring_system epss
scoring_elements 0.0663
published_at 2026-04-24T12:55:00Z
3
value 0.00024
scoring_system epss
scoring_elements 0.06619
published_at 2026-04-21T12:55:00Z
4
value 0.00024
scoring_system epss
scoring_elements 0.06542
published_at 2026-04-11T12:55:00Z
5
value 0.00024
scoring_system epss
scoring_elements 0.06526
published_at 2026-04-13T12:55:00Z
6
value 0.00024
scoring_system epss
scoring_elements 0.0647
published_at 2026-04-18T12:55:00Z
7
value 0.00024
scoring_system epss
scoring_elements 0.06433
published_at 2026-04-02T12:55:00Z
8
value 0.00024
scoring_system epss
scoring_elements 0.06461
published_at 2026-04-16T12:55:00Z
9
value 0.00024
scoring_system epss
scoring_elements 0.06468
published_at 2026-04-04T12:55:00Z
10
value 0.00024
scoring_system epss
scoring_elements 0.06456
published_at 2026-04-07T12:55:00Z
11
value 0.00024
scoring_system epss
scoring_elements 0.06507
published_at 2026-04-08T12:55:00Z
12
value 0.00024
scoring_system epss
scoring_elements 0.06548
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4874
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2451611
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2451611
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4874
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4874
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
10
reference_url https://github.com/advisories/GHSA-22rm-wp4x-v5cx
reference_id GHSA-22rm-wp4x-v5cx
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-22rm-wp4x-v5cx
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.6.1
purl pkg:maven/org.keycloak/keycloak-services@26.6.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.1
aliases CVE-2026-4874, GHSA-22rm-wp4x-v5cx
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mdkf-3bgs-w7dm
5
url VCID-qgbq-s33g-d7af
vulnerability_id VCID-qgbq-s33g-d7af
summary 
Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API
A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered MFA/OTP credential without first proving possession of that factor. The attacker can then register their own MFA device, effectively taking full control of the account. This weakness undermines the intended protection provided by multi-factor authentication.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6477
1
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6478
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-3429
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/
url https://access.redhat.com/security/cve/CVE-2026-3429
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3429
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.13935
published_at 2026-04-02T12:55:00Z
1
value 0.00053
scoring_system epss
scoring_elements 0.16673
published_at 2026-04-08T12:55:00Z
2
value 0.00053
scoring_system epss
scoring_elements 0.16706
published_at 2026-04-11T12:55:00Z
3
value 0.00053
scoring_system epss
scoring_elements 0.16727
published_at 2026-04-09T12:55:00Z
4
value 0.00053
scoring_system epss
scoring_elements 0.16588
published_at 2026-04-07T12:55:00Z
5
value 0.00054
scoring_system epss
scoring_elements 0.16989
published_at 2026-04-04T12:55:00Z
6
value 0.00061
scoring_system epss
scoring_elements 0.19038
published_at 2026-04-13T12:55:00Z
7
value 0.00061
scoring_system epss
scoring_elements 0.18994
published_at 2026-04-16T12:55:00Z
8
value 0.00061
scoring_system epss
scoring_elements 0.19006
published_at 2026-04-18T12:55:00Z
9
value 0.00061
scoring_system epss
scoring_elements 0.19015
published_at 2026-04-21T12:55:00Z
10
value 0.00061
scoring_system epss
scoring_elements 0.18907
published_at 2026-04-24T12:55:00Z
11
value 0.00061
scoring_system epss
scoring_elements 0.1889
published_at 2026-04-26T12:55:00Z
12
value 0.00061
scoring_system epss
scoring_elements 0.19091
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3429
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2443771
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2443771
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178
8
reference_url https://github.com/keycloak/keycloak/issues/47069
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47069
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3429
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3429
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
14
reference_url https://github.com/advisories/GHSA-8g9r-9wjw-37j4
reference_id GHSA-8g9r-9wjw-37j4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8g9r-9wjw-37j4
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cf37-8d6y-r3d5
1
vulnerability VCID-mdkf-3bgs-w7dm
2
vulnerability VCID-ugtk-3bjv-s3a4
3
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-3429, GHSA-8g9r-9wjw-37j4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qgbq-s33g-d7af
6
url VCID-szbr-v2vq-3kbn
vulnerability_id VCID-szbr-v2vq-3kbn
summary 
Keycloak: manage-clients permission escalates to full realm admin access
A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within the realm. This privilege escalation can occur when admin permissions are enabled at the realm level.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/
url https://access.redhat.com/errata/RHSA-2026:6477
1
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/
url https://access.redhat.com/errata/RHSA-2026:6478
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3121.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3121.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-3121
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/
url https://access.redhat.com/security/cve/CVE-2026-3121
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3121
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.07847
published_at 2026-04-02T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.08645
published_at 2026-04-26T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.08668
published_at 2026-04-04T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.08588
published_at 2026-04-07T12:55:00Z
4
value 0.0003
scoring_system epss
scoring_elements 0.08662
published_at 2026-04-12T12:55:00Z
5
value 0.0003
scoring_system epss
scoring_elements 0.08686
published_at 2026-04-09T12:55:00Z
6
value 0.0003
scoring_system epss
scoring_elements 0.08685
published_at 2026-04-11T12:55:00Z
7
value 0.0003
scoring_system epss
scoring_elements 0.08649
published_at 2026-04-13T12:55:00Z
8
value 0.0003
scoring_system epss
scoring_elements 0.08539
published_at 2026-04-16T12:55:00Z
9
value 0.0003
scoring_system epss
scoring_elements 0.08526
published_at 2026-04-18T12:55:00Z
10
value 0.0003
scoring_system epss
scoring_elements 0.08679
published_at 2026-04-21T12:55:00Z
11
value 0.0003
scoring_system epss
scoring_elements 0.08691
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3121
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442277
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2442277
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/79ab3110a257fb8d6f1a664c916687128094ed01
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/79ab3110a257fb8d6f1a664c916687128094ed01
8
reference_url https://github.com/keycloak/keycloak/issues/46719
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46719
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3121
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3121
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
15
reference_url https://github.com/advisories/GHSA-7xf9-4jfc-wgm4
reference_id GHSA-7xf9-4jfc-wgm4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7xf9-4jfc-wgm4
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.6
purl pkg:maven/org.keycloak/keycloak-services@26.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5d9-k9vd-fyfe
1
vulnerability VCID-mdkf-3bgs-w7dm
2
vulnerability VCID-qgbq-s33g-d7af
3
vulnerability VCID-ugtk-3bjv-s3a4
4
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6
aliases CVE-2026-3121, GHSA-7xf9-4jfc-wgm4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-szbr-v2vq-3kbn
7
url VCID-ugtk-3bjv-s3a4
vulnerability_id VCID-ugtk-3bjv-s3a4
summary 
Keycloak has Improper Access Control allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false
A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control checks on PUT operations to the resource_set endpoint. This issue enables unauthorized modification of protected resources, impacting data integrity.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4628.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4628.json
1
reference_url https://access.redhat.com/security/cve/CVE-2026-4628
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:02:51Z/
url https://access.redhat.com/security/cve/CVE-2026-4628
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4628
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.06999
published_at 2026-04-12T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.06973
published_at 2026-04-08T12:55:00Z
2
value 0.00025
scoring_system epss
scoring_elements 0.07005
published_at 2026-04-09T12:55:00Z
3
value 0.00025
scoring_system epss
scoring_elements 0.07009
published_at 2026-04-11T12:55:00Z
4
value 0.00025
scoring_system epss
scoring_elements 0.06992
published_at 2026-04-13T12:55:00Z
5
value 0.00025
scoring_system epss
scoring_elements 0.0705
published_at 2026-04-21T12:55:00Z
6
value 0.00025
scoring_system epss
scoring_elements 0.06915
published_at 2026-04-18T12:55:00Z
7
value 0.00025
scoring_system epss
scoring_elements 0.06885
published_at 2026-04-02T12:55:00Z
8
value 0.00025
scoring_system epss
scoring_elements 0.06931
published_at 2026-04-16T12:55:00Z
9
value 0.00025
scoring_system epss
scoring_elements 0.06934
published_at 2026-04-04T12:55:00Z
10
value 0.00025
scoring_system epss
scoring_elements 0.06918
published_at 2026-04-07T12:55:00Z
11
value 0.00029
scoring_system epss
scoring_elements 0.08234
published_at 2026-04-26T12:55:00Z
12
value 0.00029
scoring_system epss
scoring_elements 0.08274
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4628
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450240
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:02:51Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2450240
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4628
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4628
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
10
reference_url https://github.com/advisories/GHSA-4pgc-gfrr-wcmg
reference_id GHSA-4pgc-gfrr-wcmg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4pgc-gfrr-wcmg
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.6.1
purl pkg:maven/org.keycloak/keycloak-services@26.6.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.1
aliases CVE-2026-4628, GHSA-4pgc-gfrr-wcmg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ugtk-3bjv-s3a4
8
url VCID-v77w-st1u-pfe6
vulnerability_id VCID-v77w-st1u-pfe6
summary 
Keycloak: Missing Role Enforcement on UMA 2.0 Permission Ticket Endpoint Leads to Information Disclosure
A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partial leads to information disclosure.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6477
1
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6478
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-3190
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/
url https://access.redhat.com/security/cve/CVE-2026-3190
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3190
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.06433
published_at 2026-04-02T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.0831
published_at 2026-04-09T12:55:00Z
2
value 0.00029
scoring_system epss
scoring_elements 0.08228
published_at 2026-04-07T12:55:00Z
3
value 0.00029
scoring_system epss
scoring_elements 0.08245
published_at 2026-04-26T12:55:00Z
4
value 0.00029
scoring_system epss
scoring_elements 0.08285
published_at 2026-04-24T12:55:00Z
5
value 0.00029
scoring_system epss
scoring_elements 0.08307
published_at 2026-04-21T12:55:00Z
6
value 0.00029
scoring_system epss
scoring_elements 0.08144
published_at 2026-04-18T12:55:00Z
7
value 0.00029
scoring_system epss
scoring_elements 0.08157
published_at 2026-04-16T12:55:00Z
8
value 0.00029
scoring_system epss
scoring_elements 0.08265
published_at 2026-04-13T12:55:00Z
9
value 0.00029
scoring_system epss
scoring_elements 0.08281
published_at 2026-04-12T12:55:00Z
10
value 0.00029
scoring_system epss
scoring_elements 0.08302
published_at 2026-04-11T12:55:00Z
11
value 0.00029
scoring_system epss
scoring_elements 0.08278
published_at 2026-04-04T12:55:00Z
12
value 0.00029
scoring_system epss
scoring_elements 0.08292
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3190
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442572
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2442572
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694
8
reference_url https://github.com/keycloak/keycloak/issues/46723
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46723
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3190
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3190
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
11
reference_url https://github.com/advisories/GHSA-q35r-vvhv-vx5h
reference_id GHSA-q35r-vvhv-vx5h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q35r-vvhv-vx5h
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.6
purl pkg:maven/org.keycloak/keycloak-services@26.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5d9-k9vd-fyfe
1
vulnerability VCID-mdkf-3bgs-w7dm
2
vulnerability VCID-qgbq-s33g-d7af
3
vulnerability VCID-ugtk-3bjv-s3a4
4
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6
aliases CVE-2026-3190, GHSA-q35r-vvhv-vx5h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v77w-st1u-pfe6
9
url VCID-x4aw-v76q-vbdc
vulnerability_id VCID-x4aw-v76q-vbdc
summary 
Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass
A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:21370
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/errata/RHSA-2025:21370
1
reference_url https://access.redhat.com/errata/RHSA-2025:21371
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/errata/RHSA-2025:21371
2
reference_url https://access.redhat.com/errata/RHSA-2025:22088
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/errata/RHSA-2025:22088
3
reference_url https://access.redhat.com/errata/RHSA-2025:22089
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/errata/RHSA-2025:22089
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json
5
reference_url https://access.redhat.com/security/cve/CVE-2025-12150
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/security/cve/CVE-2025-12150
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-12150
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01703
published_at 2026-04-26T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01613
published_at 2026-04-11T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01619
published_at 2026-04-07T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.0162
published_at 2026-04-08T12:55:00Z
4
value 0.00012
scoring_system epss
scoring_elements 0.01627
published_at 2026-04-09T12:55:00Z
5
value 0.00012
scoring_system epss
scoring_elements 0.01604
published_at 2026-04-12T12:55:00Z
6
value 0.00012
scoring_system epss
scoring_elements 0.01603
published_at 2026-04-13T12:55:00Z
7
value 0.00012
scoring_system epss
scoring_elements 0.01591
published_at 2026-04-16T12:55:00Z
8
value 0.00012
scoring_system epss
scoring_elements 0.01605
published_at 2026-04-18T12:55:00Z
9
value 0.00012
scoring_system epss
scoring_elements 0.01695
published_at 2026-04-21T12:55:00Z
10
value 0.00012
scoring_system epss
scoring_elements 0.01709
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-12150
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2406192
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2406192
8
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
9
reference_url https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339
10
reference_url https://github.com/keycloak/keycloak/issues/35110
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/35110
11
reference_url https://github.com/keycloak/keycloak/issues/43723
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://github.com/keycloak/keycloak/issues/43723
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-12150
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-12150
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
15
reference_url https://github.com/advisories/GHSA-7g5x-9c4v-4w5r
reference_id GHSA-7g5x-9c4v-4w5r
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7g5x-9c4v-4w5r
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.4.4
purl pkg:maven/org.keycloak/keycloak-services@26.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vwq-aqk5-nkh9
1
vulnerability VCID-7c1j-kcbb-v3f1
2
vulnerability VCID-gzz6-md9v-b3em
3
vulnerability VCID-m3uj-4mag-kbf2
4
vulnerability VCID-mdkf-3bgs-w7dm
5
vulnerability VCID-qgbq-s33g-d7af
6
vulnerability VCID-szbr-v2vq-3kbn
7
vulnerability VCID-ugtk-3bjv-s3a4
8
vulnerability VCID-v77w-st1u-pfe6
9
vulnerability VCID-xd7x-aevv-cfcp
10
vulnerability VCID-xfnw-15sz-zyfr
11
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.4
aliases CVE-2025-12150, GHSA-7g5x-9c4v-4w5r
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x4aw-v76q-vbdc
10
url VCID-xd7x-aevv-cfcp
vulnerability_id VCID-xd7x-aevv-cfcp
summary 
Keycloak: Denial of Service due to excessive SAMLRequest decompression
A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryError (OOM) and subsequent process termination. This vulnerability allows an attacker to disrupt the availability of the service.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/
url https://access.redhat.com/errata/RHSA-2026:3947
1
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/
url https://access.redhat.com/errata/RHSA-2026:3948
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-2575
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/
url https://access.redhat.com/security/cve/CVE-2026-2575
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2575
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.08543
published_at 2026-04-09T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.08376
published_at 2026-04-18T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.08393
published_at 2026-04-16T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.08501
published_at 2026-04-13T12:55:00Z
4
value 0.0003
scoring_system epss
scoring_elements 0.08517
published_at 2026-04-12T12:55:00Z
5
value 0.0003
scoring_system epss
scoring_elements 0.08537
published_at 2026-04-11T12:55:00Z
6
value 0.0003
scoring_system epss
scoring_elements 0.08475
published_at 2026-04-02T12:55:00Z
7
value 0.0003
scoring_system epss
scoring_elements 0.08531
published_at 2026-04-04T12:55:00Z
8
value 0.0003
scoring_system epss
scoring_elements 0.08449
published_at 2026-04-07T12:55:00Z
9
value 0.0003
scoring_system epss
scoring_elements 0.08523
published_at 2026-04-08T12:55:00Z
10
value 0.00043
scoring_system epss
scoring_elements 0.13142
published_at 2026-04-24T12:55:00Z
11
value 0.00043
scoring_system epss
scoring_elements 0.13113
published_at 2026-04-26T12:55:00Z
12
value 0.00043
scoring_system epss
scoring_elements 0.13136
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2575
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440149
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440149
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04
8
reference_url https://github.com/keycloak/keycloak/issues/46372
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46372
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2575
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2575
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
11
reference_url https://github.com/advisories/GHSA-xv6h-r36f-3gp5
reference_id GHSA-xv6h-r36f-3gp5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xv6h-r36f-3gp5
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.4
purl pkg:maven/org.keycloak/keycloak-services@26.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c1j-kcbb-v3f1
1
vulnerability VCID-gzz6-md9v-b3em
2
vulnerability VCID-mdkf-3bgs-w7dm
3
vulnerability VCID-qgbq-s33g-d7af
4
vulnerability VCID-szbr-v2vq-3kbn
5
vulnerability VCID-ugtk-3bjv-s3a4
6
vulnerability VCID-v77w-st1u-pfe6
7
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4
aliases CVE-2026-2575, GHSA-xv6h-r36f-3gp5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xd7x-aevv-cfcp
11
url VCID-xfnw-15sz-zyfr
vulnerability_id VCID-xfnw-15sz-zyfr
summary 
Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions
A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/
url https://access.redhat.com/errata/RHSA-2026:6477
1
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/
url https://access.redhat.com/errata/RHSA-2026:6478
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14082
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01382
published_at 2026-04-02T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01613
published_at 2026-04-09T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01605
published_at 2026-04-07T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01607
published_at 2026-04-08T12:55:00Z
4
value 0.00012
scoring_system epss
scoring_elements 0.01604
published_at 2026-04-04T12:55:00Z
5
value 0.00013
scoring_system epss
scoring_elements 0.02147
published_at 2026-04-26T12:55:00Z
6
value 0.00013
scoring_system epss
scoring_elements 0.02131
published_at 2026-04-11T12:55:00Z
7
value 0.00013
scoring_system epss
scoring_elements 0.02116
published_at 2026-04-12T12:55:00Z
8
value 0.00013
scoring_system epss
scoring_elements 0.02111
published_at 2026-04-13T12:55:00Z
9
value 0.00013
scoring_system epss
scoring_elements 0.02087
published_at 2026-04-16T12:55:00Z
10
value 0.00013
scoring_system epss
scoring_elements 0.021
published_at 2026-04-18T12:55:00Z
11
value 0.00013
scoring_system epss
scoring_elements 0.02187
published_at 2026-04-21T12:55:00Z
12
value 0.00013
scoring_system epss
scoring_elements 0.02157
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14082
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2419078
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2419078
5
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
6
reference_url https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
8
reference_url https://access.redhat.com/security/cve/CVE-2025-14082
reference_id CVE-2025-14082
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/
url https://access.redhat.com/security/cve/CVE-2025-14082
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14082
reference_id CVE-2025-14082
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-14082
10
reference_url https://github.com/advisories/GHSA-6q37-7866-h27j
reference_id GHSA-6q37-7866-h27j
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6q37-7866-h27j
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.0
purl pkg:maven/org.keycloak/keycloak-services@26.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vwq-aqk5-nkh9
1
vulnerability VCID-7c1j-kcbb-v3f1
2
vulnerability VCID-8vzz-naas-a7ab
3
vulnerability VCID-a5d9-k9vd-fyfe
4
vulnerability VCID-baux-3v7g-tucw
5
vulnerability VCID-gzz6-md9v-b3em
6
vulnerability VCID-j5bq-q689-qbg3
7
vulnerability VCID-jsvn-26y8-q3ey
8
vulnerability VCID-khfk-1gas-vfan
9
vulnerability VCID-m3uj-4mag-kbf2
10
vulnerability VCID-mdkf-3bgs-w7dm
11
vulnerability VCID-qgbq-s33g-d7af
12
vulnerability VCID-szbr-v2vq-3kbn
13
vulnerability VCID-tc9b-zzjt-63c7
14
vulnerability VCID-ugtk-3bjv-s3a4
15
vulnerability VCID-v77w-st1u-pfe6
16
vulnerability VCID-xd7x-aevv-cfcp
17
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.0
aliases CVE-2025-14082, GHSA-6q37-7866-h27j
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xfnw-15sz-zyfr
12
url VCID-y1h3-yyn9-53fr
vulnerability_id VCID-y1h3-yyn9-53fr
summary 
Keycloak: Unauthorized authentication via disabled SAML Identity Provider
A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3925
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3925
1
reference_url https://access.redhat.com/errata/RHSA-2026:3926
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3926
2
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3947
3
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3948
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json
5
reference_url https://access.redhat.com/security/cve/CVE-2026-2603
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/security/cve/CVE-2026-2603
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2603
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.3858
published_at 2026-04-04T12:55:00Z
1
value 0.00172
scoring_system epss
scoring_elements 0.38504
published_at 2026-04-09T12:55:00Z
2
value 0.00172
scoring_system epss
scoring_elements 0.38495
published_at 2026-04-08T12:55:00Z
3
value 0.00172
scoring_system epss
scoring_elements 0.38518
published_at 2026-04-11T12:55:00Z
4
value 0.00172
scoring_system epss
scoring_elements 0.38444
published_at 2026-04-07T12:55:00Z
5
value 0.00172
scoring_system epss
scoring_elements 0.38556
published_at 2026-04-02T12:55:00Z
6
value 0.00227
scoring_system epss
scoring_elements 0.45478
published_at 2026-04-18T12:55:00Z
7
value 0.00227
scoring_system epss
scoring_elements 0.4543
published_at 2026-04-13T12:55:00Z
8
value 0.00227
scoring_system epss
scoring_elements 0.45482
published_at 2026-04-16T12:55:00Z
9
value 0.00227
scoring_system epss
scoring_elements 0.45429
published_at 2026-04-12T12:55:00Z
10
value 0.00261
scoring_system epss
scoring_elements 0.49479
published_at 2026-04-26T12:55:00Z
11
value 0.00261
scoring_system epss
scoring_elements 0.4948
published_at 2026-04-21T12:55:00Z
12
value 0.00261
scoring_system epss
scoring_elements 0.4947
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2603
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440300
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440300
8
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
9
reference_url https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132
10
reference_url https://github.com/keycloak/keycloak/issues/46911
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46911
11
reference_url https://github.com/keycloak/keycloak/pull/46932
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/46932
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2603
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2603
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
15
reference_url https://github.com/advisories/GHSA-x4p7-7chp-64hq
reference_id GHSA-x4p7-7chp-64hq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x4p7-7chp-64hq
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.6.0
purl pkg:maven/org.keycloak/keycloak-services@26.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mdkf-3bgs-w7dm
1
vulnerability VCID-ugtk-3bjv-s3a4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.0
aliases CVE-2026-2603, GHSA-x4p7-7chp-64hq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y1h3-yyn9-53fr
Fixing_vulnerabilities
0
url VCID-epcy-krft-z7d4
vulnerability_id VCID-epcy-krft-z7d4
summary 
Keycloak does not invalidate sessions when "Remember Me" is disabled
A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me" was active retain their extended session lifetime until they expire, overriding the administrator's recent security configuration change. This is a logic flaw in session management increases the potential window for successful session hijacking or unauthorized long-term access persistence. The flaw lies in the session expiration logic relying on the session-local "remember-me" flag without validating the current realm-level configuration.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:22088
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:31:09Z/
url https://access.redhat.com/errata/RHSA-2025:22088
1
reference_url https://access.redhat.com/errata/RHSA-2025:22089
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:31:09Z/
url https://access.redhat.com/errata/RHSA-2025:22089
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11429.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11429.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-11429
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.30197
published_at 2026-04-08T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.30137
published_at 2026-04-07T12:55:00Z
2
value 0.00115
scoring_system epss
scoring_elements 0.3016
published_at 2026-04-16T12:55:00Z
3
value 0.00115
scoring_system epss
scoring_elements 0.30141
published_at 2026-04-18T12:55:00Z
4
value 0.00115
scoring_system epss
scoring_elements 0.30097
published_at 2026-04-21T12:55:00Z
5
value 0.00115
scoring_system epss
scoring_elements 0.30145
published_at 2026-04-13T12:55:00Z
6
value 0.00115
scoring_system epss
scoring_elements 0.30026
published_at 2026-04-24T12:55:00Z
7
value 0.00115
scoring_system epss
scoring_elements 0.30192
published_at 2026-04-12T12:55:00Z
8
value 0.00115
scoring_system epss
scoring_elements 0.30235
published_at 2026-04-11T12:55:00Z
9
value 0.00115
scoring_system epss
scoring_elements 0.30232
published_at 2026-04-09T12:55:00Z
10
value 0.00115
scoring_system epss
scoring_elements 0.30273
published_at 2026-04-02T12:55:00Z
11
value 0.00115
scoring_system epss
scoring_elements 0.29911
published_at 2026-04-26T12:55:00Z
12
value 0.00115
scoring_system epss
scoring_elements 0.30322
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-11429
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2402148
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:31:09Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2402148
5
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
6
reference_url https://github.com/keycloak/keycloak/commit/a34094100716b7c69ae38eaed6678ab4344d0a1d
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:31:09Z/
url https://github.com/keycloak/keycloak/commit/a34094100716b7c69ae38eaed6678ab4344d0a1d
7
reference_url https://github.com/keycloak/keycloak/commit/a752492843e21c3ab06090616692e53001864158
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/a752492843e21c3ab06090616692e53001864158
8
reference_url https://github.com/keycloak/keycloak/commit/bda0e2a67c8cf41d1b3d9010e6dfcddaf79bf59b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:31:09Z/
url https://github.com/keycloak/keycloak/commit/bda0e2a67c8cf41d1b3d9010e6dfcddaf79bf59b
9
reference_url https://github.com/keycloak/keycloak/issues/43328
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:31:09Z/
url https://github.com/keycloak/keycloak/issues/43328
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
11
reference_url https://access.redhat.com/security/cve/CVE-2025-11429
reference_id CVE-2025-11429
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:31:09Z/
url https://access.redhat.com/security/cve/CVE-2025-11429
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-11429
reference_id CVE-2025-11429
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-11429
13
reference_url https://github.com/advisories/GHSA-64w3-5q9m-68xf
reference_id GHSA-64w3-5q9m-68xf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-64w3-5q9m-68xf
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.11
purl pkg:maven/org.keycloak/keycloak-services@26.2.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.11
1
url pkg:maven/org.keycloak/keycloak-services@26.4.1
purl pkg:maven/org.keycloak/keycloak-services@26.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vwq-aqk5-nkh9
1
vulnerability VCID-7c1j-kcbb-v3f1
2
vulnerability VCID-gzz6-md9v-b3em
3
vulnerability VCID-m3uj-4mag-kbf2
4
vulnerability VCID-mdkf-3bgs-w7dm
5
vulnerability VCID-qgbq-s33g-d7af
6
vulnerability VCID-szbr-v2vq-3kbn
7
vulnerability VCID-ugtk-3bjv-s3a4
8
vulnerability VCID-v77w-st1u-pfe6
9
vulnerability VCID-x4aw-v76q-vbdc
10
vulnerability VCID-xd7x-aevv-cfcp
11
vulnerability VCID-xfnw-15sz-zyfr
12
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.1
aliases CVE-2025-11429, GHSA-64w3-5q9m-68xf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-epcy-krft-z7d4
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.1