Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.keycloak/keycloak-services@26.0.0
Typemaven
Namespaceorg.keycloak
Namekeycloak-services
Version26.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-2dgp-xdrz-q7dv
vulnerability_id VCID-2dgp-xdrz-q7dv
summary 
Duplicate Advisory: Keycloak-services SMTP Inject Vulnerability
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references.

### Original Description
A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:15336
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:15336
1
reference_url https://access.redhat.com/errata/RHSA-2025:15337
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:15337
2
reference_url https://access.redhat.com/errata/RHSA-2025:15338
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:15338
3
reference_url https://access.redhat.com/errata/RHSA-2025:15339
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:15339
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2385776
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2385776
5
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
6
reference_url https://access.redhat.com/security/cve/CVE-2025-8419
reference_id CVE-2025-8419
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-8419
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-8419
reference_id CVE-2025-8419
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-8419
8
reference_url https://github.com/advisories/GHSA-qj5r-2r5p-phc7
reference_id GHSA-qj5r-2r5p-phc7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qj5r-2r5p-phc7
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.3
purl pkg:maven/org.keycloak/keycloak-services@26.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vwq-aqk5-nkh9
1
vulnerability VCID-7c1j-kcbb-v3f1
2
vulnerability VCID-gzz6-md9v-b3em
3
vulnerability VCID-m3uj-4mag-kbf2
4
vulnerability VCID-qgbq-s33g-d7af
5
vulnerability VCID-x4aw-v76q-vbdc
6
vulnerability VCID-xd7x-aevv-cfcp
7
vulnerability VCID-xfnw-15sz-zyfr
8
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3
aliases GHSA-qj5r-2r5p-phc7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2dgp-xdrz-q7dv
1
url VCID-5f8r-n4mm-y3g6
vulnerability_id VCID-5f8r-n4mm-y3g6
summary 
Keycloak phishing attack via email verification step in first login flow
There is a flaw with the first login flow where, during a IdP login, an attacker with a registered account can initiate the process to merge accounts with an existing victim's account. The attacker will subsequently be prompted to "review profile" information, which allows the the attacker to modify their email address to that of a victim's account. This triggers a verification email sent to the victim's email address. If the victim clicks the verification link, the attacker can gain access to the victim's account. While not a zero-interaction attack, the attacker's email address is not directly present in the verification email content, making it a potential phishing opportunity. 

This issue has been fixed in versions 26.0.13, 26.2.6, and 26.3.0.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:11986
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://access.redhat.com/errata/RHSA-2025:11986
1
reference_url https://access.redhat.com/errata/RHSA-2025:11987
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://access.redhat.com/errata/RHSA-2025:11987
2
reference_url https://access.redhat.com/errata/RHSA-2025:12015
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://access.redhat.com/errata/RHSA-2025:12015
3
reference_url https://access.redhat.com/errata/RHSA-2025:12016
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://access.redhat.com/errata/RHSA-2025:12016
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json
5
reference_url https://access.redhat.com/security/cve/CVE-2025-7365
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://access.redhat.com/security/cve/CVE-2025-7365
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-7365
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02484
published_at 2026-04-02T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02498
published_at 2026-04-04T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03277
published_at 2026-04-18T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03362
published_at 2026-04-08T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.03382
published_at 2026-04-09T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.03341
published_at 2026-04-11T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.03312
published_at 2026-04-12T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.03267
published_at 2026-04-16T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.03357
published_at 2026-04-07T12:55:00Z
9
value 0.00015
scoring_system epss
scoring_elements 0.03291
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-7365
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2378852
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2378852
8
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
9
reference_url https://github.com/keycloak/keycloak/issues/40446
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/40446
10
reference_url https://github.com/keycloak/keycloak/pull/40520
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/40520
11
reference_url https://github.com/keycloak/keycloak/releases/tag/26.0.13
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.0.13
12
reference_url https://github.com/keycloak/keycloak/releases/tag/26.2.6
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.2.6
13
reference_url https://github.com/keycloak/keycloak/releases/tag/26.3.0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.3.0
14
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-7365
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-7365
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
reference_id cpe:/a:redhat:build_keycloak:26.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
18
reference_url https://github.com/advisories/GHSA-xhpr-465j-7p9q
reference_id GHSA-xhpr-465j-7p9q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xhpr-465j-7p9q
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.0.13
purl pkg:maven/org.keycloak/keycloak-services@26.0.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.13
1
url pkg:maven/org.keycloak/keycloak-services@26.1.0
purl pkg:maven/org.keycloak/keycloak-services@26.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5vwq-aqk5-nkh9
2
vulnerability VCID-7c1j-kcbb-v3f1
3
vulnerability VCID-bhrr-nn9f-7udu
4
vulnerability VCID-by72-dvnw-m3gu
5
vulnerability VCID-cdsa-wmby-ebbq
6
vulnerability VCID-d2rd-6u56-yfd8
7
vulnerability VCID-e4ub-v4ef-affb
8
vulnerability VCID-edwz-rqc3-fqa2
9
vulnerability VCID-gnxr-2t9g-4ye4
10
vulnerability VCID-gzz6-md9v-b3em
11
vulnerability VCID-m3uj-4mag-kbf2
12
vulnerability VCID-mku9-3bpp-aqbk
13
vulnerability VCID-nxhc-rp71-hbdk
14
vulnerability VCID-qgbq-s33g-d7af
15
vulnerability VCID-uuf2-u7xh-uuef
16
vulnerability VCID-ver5-9t6m-c3ef
17
vulnerability VCID-w5f1-xryr-fucq
18
vulnerability VCID-x4aw-v76q-vbdc
19
vulnerability VCID-xd7x-aevv-cfcp
20
vulnerability VCID-xfnw-15sz-zyfr
21
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.0
2
url pkg:maven/org.keycloak/keycloak-services@26.2.6
purl pkg:maven/org.keycloak/keycloak-services@26.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.6
3
url pkg:maven/org.keycloak/keycloak-services@26.3.0
purl pkg:maven/org.keycloak/keycloak-services@26.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5vwq-aqk5-nkh9
2
vulnerability VCID-7c1j-kcbb-v3f1
3
vulnerability VCID-8vzz-naas-a7ab
4
vulnerability VCID-epcy-krft-z7d4
5
vulnerability VCID-gnxr-2t9g-4ye4
6
vulnerability VCID-gzz6-md9v-b3em
7
vulnerability VCID-jsvn-26y8-q3ey
8
vulnerability VCID-m3uj-4mag-kbf2
9
vulnerability VCID-mku9-3bpp-aqbk
10
vulnerability VCID-qgbq-s33g-d7af
11
vulnerability VCID-tc9b-zzjt-63c7
12
vulnerability VCID-x4aw-v76q-vbdc
13
vulnerability VCID-xd7x-aevv-cfcp
14
vulnerability VCID-xfnw-15sz-zyfr
15
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0
aliases CVE-2025-7365, GHSA-xhpr-465j-7p9q
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5f8r-n4mm-y3g6
2
url VCID-5vwq-aqk5-nkh9
vulnerability_id VCID-5vwq-aqk5-nkh9
summary 
Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods
A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/
url https://access.redhat.com/errata/RHSA-2026:3947
1
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/
url https://access.redhat.com/errata/RHSA-2026:3948
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-1190
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/
url https://access.redhat.com/security/cve/CVE-2026-1190
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1190
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03614
published_at 2026-04-02T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.04592
published_at 2026-04-08T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04549
published_at 2026-04-18T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.0454
published_at 2026-04-16T12:55:00Z
4
value 0.00018
scoring_system epss
scoring_elements 0.04564
published_at 2026-04-13T12:55:00Z
5
value 0.00018
scoring_system epss
scoring_elements 0.0458
published_at 2026-04-12T12:55:00Z
6
value 0.00018
scoring_system epss
scoring_elements 0.04597
published_at 2026-04-11T12:55:00Z
7
value 0.00018
scoring_system epss
scoring_elements 0.04608
published_at 2026-04-09T12:55:00Z
8
value 0.00018
scoring_system epss
scoring_elements 0.04543
published_at 2026-04-04T12:55:00Z
9
value 0.00018
scoring_system epss
scoring_elements 0.04557
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1190
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2430835
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2430835
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/issues/45646
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/45646
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1190
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1190
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
13
reference_url https://github.com/advisories/GHSA-63v5-26vq-m4vm
reference_id GHSA-63v5-26vq-m4vm
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-63v5-26vq-m4vm
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.3
purl pkg:maven/org.keycloak/keycloak-services@26.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c1j-kcbb-v3f1
1
vulnerability VCID-gzz6-md9v-b3em
2
vulnerability VCID-m3uj-4mag-kbf2
3
vulnerability VCID-qgbq-s33g-d7af
4
vulnerability VCID-xd7x-aevv-cfcp
5
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.3
aliases CVE-2026-1190, GHSA-63v5-26vq-m4vm
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5vwq-aqk5-nkh9
3
url VCID-7c1j-kcbb-v3f1
vulnerability_id VCID-7c1j-kcbb-v3f1
summary 
Keycloak: Information disclosure of disabled user attributes via administrative endpoint
A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6477
1
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6478
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-3911
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/
url https://access.redhat.com/security/cve/CVE-2026-3911
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3911
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01414
published_at 2026-04-09T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01407
published_at 2026-04-11T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01402
published_at 2026-04-04T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01254
published_at 2026-04-02T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01408
published_at 2026-04-07T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.01413
published_at 2026-04-08T12:55:00Z
6
value 0.00012
scoring_system epss
scoring_elements 0.01773
published_at 2026-04-18T12:55:00Z
7
value 0.00012
scoring_system epss
scoring_elements 0.01788
published_at 2026-04-12T12:55:00Z
8
value 0.00012
scoring_system epss
scoring_elements 0.01786
published_at 2026-04-13T12:55:00Z
9
value 0.00012
scoring_system epss
scoring_elements 0.01775
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3911
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2446392
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2446392
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9
8
reference_url https://github.com/keycloak/keycloak/issues/46922
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46922
9
reference_url https://github.com/keycloak/keycloak/pull/46923
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/46923
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3911
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3911
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
12
reference_url https://github.com/advisories/GHSA-xh32-c9wx-phrp
reference_id GHSA-xh32-c9wx-phrp
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xh32-c9wx-phrp
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.6
purl pkg:maven/org.keycloak/keycloak-services@26.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5d9-k9vd-fyfe
1
vulnerability VCID-mdkf-3bgs-w7dm
2
vulnerability VCID-qgbq-s33g-d7af
3
vulnerability VCID-ugtk-3bjv-s3a4
4
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6
aliases CVE-2026-3911, GHSA-xh32-c9wx-phrp
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7c1j-kcbb-v3f1
4
url VCID-bhrr-nn9f-7udu
vulnerability_id VCID-bhrr-nn9f-7udu
summary 
Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass
# Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-5jfq-x6xp-7rw2. This link is maintained to preserve external references.

# Original Description
A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:4335
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:4335
1
reference_url https://access.redhat.com/errata/RHSA-2025:4336
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:4336
2
reference_url https://access.redhat.com/security/cve/CVE-2025-3910
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-3910
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2361923
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2361923
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3910
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3910
5
reference_url https://github.com/advisories/GHSA-fx44-2wx5-5fvp
reference_id GHSA-fx44-2wx5-5fvp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fx44-2wx5-5fvp
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.2
purl pkg:maven/org.keycloak/keycloak-services@26.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5f8r-n4mm-y3g6
2
vulnerability VCID-5vwq-aqk5-nkh9
3
vulnerability VCID-7c1j-kcbb-v3f1
4
vulnerability VCID-9f1k-z7z2-d7cc
5
vulnerability VCID-gnxr-2t9g-4ye4
6
vulnerability VCID-gzz6-md9v-b3em
7
vulnerability VCID-m3uj-4mag-kbf2
8
vulnerability VCID-mku9-3bpp-aqbk
9
vulnerability VCID-nxhc-rp71-hbdk
10
vulnerability VCID-qgbq-s33g-d7af
11
vulnerability VCID-uuf2-u7xh-uuef
12
vulnerability VCID-ver5-9t6m-c3ef
13
vulnerability VCID-w5f1-xryr-fucq
14
vulnerability VCID-x4aw-v76q-vbdc
15
vulnerability VCID-xd7x-aevv-cfcp
16
vulnerability VCID-xfnw-15sz-zyfr
17
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2
aliases GHSA-fx44-2wx5-5fvp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bhrr-nn9f-7udu
5
url VCID-by72-dvnw-m3gu
vulnerability_id VCID-by72-dvnw-m3gu
summary 
Keycloak Denial of Service (DoS) Vulnerability via JWT Token Cache
A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:4335
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/
url https://access.redhat.com/errata/RHSA-2025:4335
1
reference_url https://access.redhat.com/errata/RHSA-2025:4336
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/
url https://access.redhat.com/errata/RHSA-2025:4336
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2559.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2559.json
3
reference_url https://access.redhat.com/security/cve/CVE-2025-2559
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/
url https://access.redhat.com/security/cve/CVE-2025-2559
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-2559
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29505
published_at 2026-04-18T12:55:00Z
1
value 0.00111
scoring_system epss
scoring_elements 0.29687
published_at 2026-04-04T12:55:00Z
2
value 0.00111
scoring_system epss
scoring_elements 0.29508
published_at 2026-04-07T12:55:00Z
3
value 0.00111
scoring_system epss
scoring_elements 0.29571
published_at 2026-04-08T12:55:00Z
4
value 0.00111
scoring_system epss
scoring_elements 0.2961
published_at 2026-04-09T12:55:00Z
5
value 0.00111
scoring_system epss
scoring_elements 0.29612
published_at 2026-04-11T12:55:00Z
6
value 0.00111
scoring_system epss
scoring_elements 0.29567
published_at 2026-04-12T12:55:00Z
7
value 0.00111
scoring_system epss
scoring_elements 0.29514
published_at 2026-04-13T12:55:00Z
8
value 0.00111
scoring_system epss
scoring_elements 0.29533
published_at 2026-04-16T12:55:00Z
9
value 0.00111
scoring_system epss
scoring_elements 0.29637
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-2559
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2353868
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2353868
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-2559
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-2559
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
reference_id cpe:/a:redhat:build_keycloak:26
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
reference_id cpe:/a:redhat:build_keycloak:26.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
11
reference_url https://github.com/advisories/GHSA-2935-2wfm-hhpv
reference_id GHSA-2935-2wfm-hhpv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2935-2wfm-hhpv
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.1.5
purl pkg:maven/org.keycloak/keycloak-services@26.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5vwq-aqk5-nkh9
2
vulnerability VCID-7c1j-kcbb-v3f1
3
vulnerability VCID-bhrr-nn9f-7udu
4
vulnerability VCID-cdsa-wmby-ebbq
5
vulnerability VCID-d2rd-6u56-yfd8
6
vulnerability VCID-e4ub-v4ef-affb
7
vulnerability VCID-gnxr-2t9g-4ye4
8
vulnerability VCID-gzz6-md9v-b3em
9
vulnerability VCID-m3uj-4mag-kbf2
10
vulnerability VCID-mku9-3bpp-aqbk
11
vulnerability VCID-nxhc-rp71-hbdk
12
vulnerability VCID-qgbq-s33g-d7af
13
vulnerability VCID-uuf2-u7xh-uuef
14
vulnerability VCID-ver5-9t6m-c3ef
15
vulnerability VCID-w5f1-xryr-fucq
16
vulnerability VCID-x4aw-v76q-vbdc
17
vulnerability VCID-xd7x-aevv-cfcp
18
vulnerability VCID-xfnw-15sz-zyfr
19
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.5
aliases CVE-2025-2559, GHSA-2935-2wfm-hhpv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-by72-dvnw-m3gu
6
url VCID-cdsa-wmby-ebbq
vulnerability_id VCID-cdsa-wmby-ebbq
summary 
Duplicate Advisory: Keycloak hostname verification
# Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-hw58-3793-42gg. This link is maintained to preserve external references.

# Original Description
A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:4335
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:4335
1
reference_url https://access.redhat.com/errata/RHSA-2025:4336
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:4336
2
reference_url https://access.redhat.com/errata/RHSA-2025:8672
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:8672
3
reference_url https://access.redhat.com/errata/RHSA-2025:8690
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:8690
4
reference_url https://access.redhat.com/security/cve/CVE-2025-3501
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-3501
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2358834
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2358834
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3501
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3501
8
reference_url https://github.com/advisories/GHSA-r934-w73g-v4p8
reference_id GHSA-r934-w73g-v4p8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r934-w73g-v4p8
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.2
purl pkg:maven/org.keycloak/keycloak-services@26.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5f8r-n4mm-y3g6
2
vulnerability VCID-5vwq-aqk5-nkh9
3
vulnerability VCID-7c1j-kcbb-v3f1
4
vulnerability VCID-9f1k-z7z2-d7cc
5
vulnerability VCID-gnxr-2t9g-4ye4
6
vulnerability VCID-gzz6-md9v-b3em
7
vulnerability VCID-m3uj-4mag-kbf2
8
vulnerability VCID-mku9-3bpp-aqbk
9
vulnerability VCID-nxhc-rp71-hbdk
10
vulnerability VCID-qgbq-s33g-d7af
11
vulnerability VCID-uuf2-u7xh-uuef
12
vulnerability VCID-ver5-9t6m-c3ef
13
vulnerability VCID-w5f1-xryr-fucq
14
vulnerability VCID-x4aw-v76q-vbdc
15
vulnerability VCID-xd7x-aevv-cfcp
16
vulnerability VCID-xfnw-15sz-zyfr
17
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2
aliases GHSA-r934-w73g-v4p8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cdsa-wmby-ebbq
7
url VCID-d2rd-6u56-yfd8
vulnerability_id VCID-d2rd-6u56-yfd8
summary 
Keycloak vulnerable to two factor authentication bypass
# Description
A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:4335
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/
url https://access.redhat.com/errata/RHSA-2025:4335
1
reference_url https://access.redhat.com/errata/RHSA-2025:4336
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/
url https://access.redhat.com/errata/RHSA-2025:4336
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3910.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3910.json
3
reference_url https://access.redhat.com/security/cve/CVE-2025-3910
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/
url https://access.redhat.com/security/cve/CVE-2025-3910
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3910
reference_id
reference_type
scores
0
value 0.00073
scoring_system epss
scoring_elements 0.22169
published_at 2026-04-18T12:55:00Z
1
value 0.00073
scoring_system epss
scoring_elements 0.22292
published_at 2026-04-02T12:55:00Z
2
value 0.00073
scoring_system epss
scoring_elements 0.22336
published_at 2026-04-04T12:55:00Z
3
value 0.00073
scoring_system epss
scoring_elements 0.22121
published_at 2026-04-07T12:55:00Z
4
value 0.00073
scoring_system epss
scoring_elements 0.22204
published_at 2026-04-08T12:55:00Z
5
value 0.00073
scoring_system epss
scoring_elements 0.22258
published_at 2026-04-09T12:55:00Z
6
value 0.00073
scoring_system epss
scoring_elements 0.22277
published_at 2026-04-11T12:55:00Z
7
value 0.00073
scoring_system epss
scoring_elements 0.22235
published_at 2026-04-12T12:55:00Z
8
value 0.00073
scoring_system epss
scoring_elements 0.22175
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3910
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2361923
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2361923
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/issues/39349
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/
url https://github.com/keycloak/keycloak/issues/39349
8
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-5jfq-x6xp-7rw2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-5jfq-x6xp-7rw2
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3910
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3910
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
reference_id cpe:/a:redhat:build_keycloak:26
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
reference_id cpe:/a:redhat:build_keycloak:26.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
12
reference_url https://github.com/advisories/GHSA-5jfq-x6xp-7rw2
reference_id GHSA-5jfq-x6xp-7rw2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5jfq-x6xp-7rw2
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.2
purl pkg:maven/org.keycloak/keycloak-services@26.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5f8r-n4mm-y3g6
2
vulnerability VCID-5vwq-aqk5-nkh9
3
vulnerability VCID-7c1j-kcbb-v3f1
4
vulnerability VCID-9f1k-z7z2-d7cc
5
vulnerability VCID-gnxr-2t9g-4ye4
6
vulnerability VCID-gzz6-md9v-b3em
7
vulnerability VCID-m3uj-4mag-kbf2
8
vulnerability VCID-mku9-3bpp-aqbk
9
vulnerability VCID-nxhc-rp71-hbdk
10
vulnerability VCID-qgbq-s33g-d7af
11
vulnerability VCID-uuf2-u7xh-uuef
12
vulnerability VCID-ver5-9t6m-c3ef
13
vulnerability VCID-w5f1-xryr-fucq
14
vulnerability VCID-x4aw-v76q-vbdc
15
vulnerability VCID-xd7x-aevv-cfcp
16
vulnerability VCID-xfnw-15sz-zyfr
17
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2
aliases CVE-2025-3910, GHSA-5jfq-x6xp-7rw2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d2rd-6u56-yfd8
8
url VCID-e4ub-v4ef-affb
vulnerability_id VCID-e4ub-v4ef-affb
summary 
Keycloak hostname verification
A flaw was found in Keycloak. By setting a verification policy to 'ANY', the trust store certificate verification is skipped, which is unintended.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:4335
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://access.redhat.com/errata/RHSA-2025:4335
1
reference_url https://access.redhat.com/errata/RHSA-2025:4336
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://access.redhat.com/errata/RHSA-2025:4336
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3501.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3501.json
3
reference_url https://access.redhat.com/security/cve/CVE-2025-3501
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://access.redhat.com/security/cve/CVE-2025-3501
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3501
reference_id
reference_type
scores
0
value 0.00092
scoring_system epss
scoring_elements 0.25879
published_at 2026-04-18T12:55:00Z
1
value 0.00092
scoring_system epss
scoring_elements 0.26058
published_at 2026-04-02T12:55:00Z
2
value 0.00092
scoring_system epss
scoring_elements 0.26099
published_at 2026-04-04T12:55:00Z
3
value 0.00092
scoring_system epss
scoring_elements 0.25867
published_at 2026-04-07T12:55:00Z
4
value 0.00092
scoring_system epss
scoring_elements 0.25936
published_at 2026-04-08T12:55:00Z
5
value 0.00092
scoring_system epss
scoring_elements 0.25988
published_at 2026-04-09T12:55:00Z
6
value 0.00092
scoring_system epss
scoring_elements 0.25998
published_at 2026-04-11T12:55:00Z
7
value 0.00092
scoring_system epss
scoring_elements 0.25954
published_at 2026-04-12T12:55:00Z
8
value 0.00092
scoring_system epss
scoring_elements 0.25895
published_at 2026-04-13T12:55:00Z
9
value 0.00092
scoring_system epss
scoring_elements 0.25898
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3501
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2358834
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2358834
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272
8
reference_url https://github.com/keycloak/keycloak/issues/39350
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://github.com/keycloak/keycloak/issues/39350
9
reference_url https://github.com/keycloak/keycloak/pull/39366
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://github.com/keycloak/keycloak/pull/39366
10
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3501
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3501
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
reference_id cpe:/a:redhat:build_keycloak:26
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
reference_id cpe:/a:redhat:build_keycloak:26.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
16
reference_url https://github.com/advisories/GHSA-hw58-3793-42gg
reference_id GHSA-hw58-3793-42gg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hw58-3793-42gg
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.2
purl pkg:maven/org.keycloak/keycloak-services@26.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5f8r-n4mm-y3g6
2
vulnerability VCID-5vwq-aqk5-nkh9
3
vulnerability VCID-7c1j-kcbb-v3f1
4
vulnerability VCID-9f1k-z7z2-d7cc
5
vulnerability VCID-gnxr-2t9g-4ye4
6
vulnerability VCID-gzz6-md9v-b3em
7
vulnerability VCID-m3uj-4mag-kbf2
8
vulnerability VCID-mku9-3bpp-aqbk
9
vulnerability VCID-nxhc-rp71-hbdk
10
vulnerability VCID-qgbq-s33g-d7af
11
vulnerability VCID-uuf2-u7xh-uuef
12
vulnerability VCID-ver5-9t6m-c3ef
13
vulnerability VCID-w5f1-xryr-fucq
14
vulnerability VCID-x4aw-v76q-vbdc
15
vulnerability VCID-xd7x-aevv-cfcp
16
vulnerability VCID-xfnw-15sz-zyfr
17
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2
aliases CVE-2025-3501, GHSA-hw58-3793-42gg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e4ub-v4ef-affb
9
url VCID-gnxr-2t9g-4ye4
vulnerability_id VCID-gnxr-2t9g-4ye4
summary 
Keycloak SMTP Inject Vulnerability
Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:15336
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://access.redhat.com/errata/RHSA-2025:15336
1
reference_url https://access.redhat.com/errata/RHSA-2025:15337
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://access.redhat.com/errata/RHSA-2025:15337
2
reference_url https://access.redhat.com/errata/RHSA-2025:15338
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://access.redhat.com/errata/RHSA-2025:15338
3
reference_url https://access.redhat.com/errata/RHSA-2025:15339
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://access.redhat.com/errata/RHSA-2025:15339
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-8419
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05423
published_at 2026-04-07T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05458
published_at 2026-04-08T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05415
published_at 2026-04-04T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05384
published_at 2026-04-02T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05478
published_at 2026-04-09T12:55:00Z
5
value 0.00022
scoring_system epss
scoring_elements 0.05908
published_at 2026-04-18T12:55:00Z
6
value 0.00022
scoring_system epss
scoring_elements 0.0595
published_at 2026-04-11T12:55:00Z
7
value 0.00022
scoring_system epss
scoring_elements 0.05941
published_at 2026-04-12T12:55:00Z
8
value 0.00022
scoring_system epss
scoring_elements 0.05932
published_at 2026-04-13T12:55:00Z
9
value 0.00022
scoring_system epss
scoring_elements 0.05897
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-8419
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2385776
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2385776
7
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0
reference_id cpe:/a:redhat:build_keycloak:26.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
reference_id cpe:/a:redhat:build_keycloak:26.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2
reference_id cpe:/a:redhat:build_keycloak:26.2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
12
reference_url https://access.redhat.com/security/cve/CVE-2025-8419
reference_id CVE-2025-8419
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://access.redhat.com/security/cve/CVE-2025-8419
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-8419
reference_id CVE-2025-8419
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-8419
14
reference_url https://github.com/advisories/GHSA-m4j5-5x4r-2xp9
reference_id GHSA-m4j5-5x4r-2xp9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m4j5-5x4r-2xp9
15
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9
reference_id GHSA-m4j5-5x4r-2xp9
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.8
purl pkg:maven/org.keycloak/keycloak-services@26.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.8
1
url pkg:maven/org.keycloak/keycloak-services@26.3.3
purl pkg:maven/org.keycloak/keycloak-services@26.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vwq-aqk5-nkh9
1
vulnerability VCID-7c1j-kcbb-v3f1
2
vulnerability VCID-gzz6-md9v-b3em
3
vulnerability VCID-m3uj-4mag-kbf2
4
vulnerability VCID-qgbq-s33g-d7af
5
vulnerability VCID-x4aw-v76q-vbdc
6
vulnerability VCID-xd7x-aevv-cfcp
7
vulnerability VCID-xfnw-15sz-zyfr
8
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3
aliases CVE-2025-8419, GHSA-m4j5-5x4r-2xp9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gnxr-2t9g-4ye4
10
url VCID-gzz6-md9v-b3em
vulnerability_id VCID-gzz6-md9v-b3em
summary 
Keycloak allows authentication using an Identity Provider (IdP) even after it has been disabled by an administrator
A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://access.redhat.com/errata/RHSA-2026:3947
1
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://access.redhat.com/errata/RHSA-2026:3948
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-3009
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://access.redhat.com/security/cve/CVE-2026-3009
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3009
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.07718
published_at 2026-04-04T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.07686
published_at 2026-04-02T12:55:00Z
2
value 0.00032
scoring_system epss
scoring_elements 0.09089
published_at 2026-04-08T12:55:00Z
3
value 0.00032
scoring_system epss
scoring_elements 0.09121
published_at 2026-04-11T12:55:00Z
4
value 0.00032
scoring_system epss
scoring_elements 0.0909
published_at 2026-04-12T12:55:00Z
5
value 0.00032
scoring_system epss
scoring_elements 0.09009
published_at 2026-04-07T12:55:00Z
6
value 0.00032
scoring_system epss
scoring_elements 0.09076
published_at 2026-04-13T12:55:00Z
7
value 0.00032
scoring_system epss
scoring_elements 0.08971
published_at 2026-04-16T12:55:00Z
8
value 0.00032
scoring_system epss
scoring_elements 0.0895
published_at 2026-04-18T12:55:00Z
9
value 0.00032
scoring_system epss
scoring_elements 0.0912
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3009
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441867
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2441867
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a
8
reference_url https://github.com/keycloak/keycloak/issues/46911
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46911
9
reference_url https://github.com/keycloak/keycloak/releases/tag/26.5.5
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.5.5
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3009
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3009
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
15
reference_url https://github.com/advisories/GHSA-m297-3jv9-m927
reference_id GHSA-m297-3jv9-m927
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m297-3jv9-m927
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.5
purl pkg:maven/org.keycloak/keycloak-services@26.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c1j-kcbb-v3f1
1
vulnerability VCID-c1zj-whnw-1qf6
2
vulnerability VCID-qgbq-s33g-d7af
3
vulnerability VCID-tc9b-zzjt-63c7
4
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5
aliases CVE-2026-3009, GHSA-m297-3jv9-m927
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gzz6-md9v-b3em
11
url VCID-m3uj-4mag-kbf2
vulnerability_id VCID-m3uj-4mag-kbf2
summary 
Keycloak: Missing Check on Disabled Client for Docker Registry Protocol
A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously valid credentials can still be used to obtain authentication tokens. This weakens administrative controls and could allow unintended access to container registry resources.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/
url https://access.redhat.com/errata/RHSA-2026:3947
1
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/
url https://access.redhat.com/errata/RHSA-2026:3948
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-2733
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/
url https://access.redhat.com/security/cve/CVE-2026-2733
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2733
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.12651
published_at 2026-04-18T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.12873
published_at 2026-04-02T12:55:00Z
2
value 0.00042
scoring_system epss
scoring_elements 0.12924
published_at 2026-04-04T12:55:00Z
3
value 0.00042
scoring_system epss
scoring_elements 0.12727
published_at 2026-04-07T12:55:00Z
4
value 0.00042
scoring_system epss
scoring_elements 0.12807
published_at 2026-04-08T12:55:00Z
5
value 0.00042
scoring_system epss
scoring_elements 0.12857
published_at 2026-04-09T12:55:00Z
6
value 0.00042
scoring_system epss
scoring_elements 0.12823
published_at 2026-04-11T12:55:00Z
7
value 0.00042
scoring_system epss
scoring_elements 0.12787
published_at 2026-04-12T12:55:00Z
8
value 0.00042
scoring_system epss
scoring_elements 0.12741
published_at 2026-04-13T12:55:00Z
9
value 0.00042
scoring_system epss
scoring_elements 0.12643
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2733
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440895
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440895
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e
8
reference_url https://github.com/keycloak/keycloak/issues/46462
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46462
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2733
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2733
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
15
reference_url https://github.com/advisories/GHSA-fjf4-6f34-w64q
reference_id GHSA-fjf4-6f34-w64q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fjf4-6f34-w64q
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.4
purl pkg:maven/org.keycloak/keycloak-services@26.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c1j-kcbb-v3f1
1
vulnerability VCID-gzz6-md9v-b3em
2
vulnerability VCID-qgbq-s33g-d7af
3
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4
aliases CVE-2026-2733, GHSA-fjf4-6f34-w64q
risk_score 1.7
exploitability 0.5
weighted_severity 3.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m3uj-4mag-kbf2
12
url VCID-mku9-3bpp-aqbk
vulnerability_id VCID-mku9-3bpp-aqbk
summary 
Duplicate Advisory: Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-27gp-8389-hm4w. This link is maintained to preserve external references.

### Original Description
A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:12015
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:12015
1
reference_url https://access.redhat.com/errata/RHSA-2025:12016
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:12016
2
reference_url https://access.redhat.com/security/cve/CVE-2025-7784
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-7784
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2381861
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2381861
4
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
5
reference_url https://github.com/keycloak/keycloak/issues/41137
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/41137
6
reference_url https://github.com/keycloak/keycloak/pull/41168
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/41168
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-7784
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-7784
8
reference_url https://github.com/advisories/GHSA-83j7-mhw9-388w
reference_id GHSA-83j7-mhw9-388w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-83j7-mhw9-388w
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.2
purl pkg:maven/org.keycloak/keycloak-services@26.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5vwq-aqk5-nkh9
2
vulnerability VCID-7c1j-kcbb-v3f1
3
vulnerability VCID-gnxr-2t9g-4ye4
4
vulnerability VCID-gzz6-md9v-b3em
5
vulnerability VCID-m3uj-4mag-kbf2
6
vulnerability VCID-qgbq-s33g-d7af
7
vulnerability VCID-x4aw-v76q-vbdc
8
vulnerability VCID-xd7x-aevv-cfcp
9
vulnerability VCID-xfnw-15sz-zyfr
10
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.2
aliases GHSA-83j7-mhw9-388w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mku9-3bpp-aqbk
13
url VCID-nxhc-rp71-hbdk
vulnerability_id VCID-nxhc-rp71-hbdk
summary 
Duplicate Advisory: Keycloak phishing attack via email verification step in first login flow
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-xhpr-465j-7p9q. This link is maintained to preserve external references.

### Original Description
A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim's account.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:11986
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:11986
1
reference_url https://access.redhat.com/errata/RHSA-2025:11987
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:11987
2
reference_url https://access.redhat.com/errata/RHSA-2025:12015
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:12015
3
reference_url https://access.redhat.com/errata/RHSA-2025:12016
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2025:12016
4
reference_url https://access.redhat.com/security/cve/CVE-2025-7365
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-7365
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2378852
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2378852
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/issues/40446
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/40446
8
reference_url https://github.com/keycloak/keycloak/pull/40520
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/40520
9
reference_url https://github.com/keycloak/keycloak/releases/tag/26.3.0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.3.0
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-7365
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-7365
11
reference_url https://github.com/advisories/GHSA-gj52-35xm-gxjh
reference_id GHSA-gj52-35xm-gxjh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gj52-35xm-gxjh
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.0
purl pkg:maven/org.keycloak/keycloak-services@26.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5vwq-aqk5-nkh9
2
vulnerability VCID-7c1j-kcbb-v3f1
3
vulnerability VCID-8vzz-naas-a7ab
4
vulnerability VCID-epcy-krft-z7d4
5
vulnerability VCID-gnxr-2t9g-4ye4
6
vulnerability VCID-gzz6-md9v-b3em
7
vulnerability VCID-jsvn-26y8-q3ey
8
vulnerability VCID-m3uj-4mag-kbf2
9
vulnerability VCID-mku9-3bpp-aqbk
10
vulnerability VCID-qgbq-s33g-d7af
11
vulnerability VCID-tc9b-zzjt-63c7
12
vulnerability VCID-x4aw-v76q-vbdc
13
vulnerability VCID-xd7x-aevv-cfcp
14
vulnerability VCID-xfnw-15sz-zyfr
15
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0
aliases GHSA-gj52-35xm-gxjh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nxhc-rp71-hbdk
14
url VCID-pjgz-fa5h-tkfh
vulnerability_id VCID-pjgz-fa5h-tkfh
summary 
org.keycloak:keycloak-services has Inefficient Regular Expression Complexity
A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.
references
0
reference_url https://access.redhat.com/errata/RHSA-2024:10175
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/
url https://access.redhat.com/errata/RHSA-2024:10175
1
reference_url https://access.redhat.com/errata/RHSA-2024:10176
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/
url https://access.redhat.com/errata/RHSA-2024:10176
2
reference_url https://access.redhat.com/errata/RHSA-2024:10177
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/
url https://access.redhat.com/errata/RHSA-2024:10177
3
reference_url https://access.redhat.com/errata/RHSA-2024:10178
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/
url https://access.redhat.com/errata/RHSA-2024:10178
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10270.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10270.json
5
reference_url https://access.redhat.com/security/cve/CVE-2024-10270
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/
url https://access.redhat.com/security/cve/CVE-2024-10270
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-10270
reference_id
reference_type
scores
0
value 0.00088
scoring_system epss
scoring_elements 0.25053
published_at 2026-04-13T12:55:00Z
1
value 0.00088
scoring_system epss
scoring_elements 0.25107
published_at 2026-04-12T12:55:00Z
2
value 0.00088
scoring_system epss
scoring_elements 0.25064
published_at 2026-04-16T12:55:00Z
3
value 0.00088
scoring_system epss
scoring_elements 0.25133
published_at 2026-04-09T12:55:00Z
4
value 0.00088
scoring_system epss
scoring_elements 0.25056
published_at 2026-04-18T12:55:00Z
5
value 0.00088
scoring_system epss
scoring_elements 0.25148
published_at 2026-04-11T12:55:00Z
6
value 0.00163
scoring_system epss
scoring_elements 0.37311
published_at 2026-04-02T12:55:00Z
7
value 0.00163
scoring_system epss
scoring_elements 0.37216
published_at 2026-04-08T12:55:00Z
8
value 0.00163
scoring_system epss
scoring_elements 0.37165
published_at 2026-04-07T12:55:00Z
9
value 0.00163
scoring_system epss
scoring_elements 0.37337
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-10270
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2321214
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2321214
8
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
9
reference_url https://github.com/keycloak/keycloak/commit/5d6c91f3309db468b0fe4834e88c3d25649f73e4
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/5d6c91f3309db468b0fe4834e88c3d25649f73e4
10
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-wq8x-cg39-8mrr
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-wq8x-cg39-8mrr
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-10270
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-10270
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24
reference_id cpe:/a:redhat:build_keycloak:24
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9
reference_id cpe:/a:redhat:build_keycloak:24::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
reference_id cpe:/a:redhat:build_keycloak:26
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
reference_id cpe:/a:redhat:build_keycloak:26.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
19
reference_url https://github.com/advisories/GHSA-wq8x-cg39-8mrr
reference_id GHSA-wq8x-cg39-8mrr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wq8x-cg39-8mrr
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.0.6
purl pkg:maven/org.keycloak/keycloak-services@26.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5f8r-n4mm-y3g6
2
vulnerability VCID-5vwq-aqk5-nkh9
3
vulnerability VCID-7c1j-kcbb-v3f1
4
vulnerability VCID-bhrr-nn9f-7udu
5
vulnerability VCID-by72-dvnw-m3gu
6
vulnerability VCID-cdsa-wmby-ebbq
7
vulnerability VCID-d2rd-6u56-yfd8
8
vulnerability VCID-e4ub-v4ef-affb
9
vulnerability VCID-gnxr-2t9g-4ye4
10
vulnerability VCID-gzz6-md9v-b3em
11
vulnerability VCID-m3uj-4mag-kbf2
12
vulnerability VCID-mku9-3bpp-aqbk
13
vulnerability VCID-nxhc-rp71-hbdk
14
vulnerability VCID-qgbq-s33g-d7af
15
vulnerability VCID-uuf2-u7xh-uuef
16
vulnerability VCID-ver5-9t6m-c3ef
17
vulnerability VCID-w5f1-xryr-fucq
18
vulnerability VCID-x4aw-v76q-vbdc
19
vulnerability VCID-xd7x-aevv-cfcp
20
vulnerability VCID-xfnw-15sz-zyfr
21
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.6
aliases CVE-2024-10270, GHSA-wq8x-cg39-8mrr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pjgz-fa5h-tkfh
15
url VCID-qgbq-s33g-d7af
vulnerability_id VCID-qgbq-s33g-d7af
summary 
Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API
A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered MFA/OTP credential without first proving possession of that factor. The attacker can then register their own MFA device, effectively taking full control of the account. This weakness undermines the intended protection provided by multi-factor authentication.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6477
1
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6478
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-3429
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/
url https://access.redhat.com/security/cve/CVE-2026-3429
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3429
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.13935
published_at 2026-04-02T12:55:00Z
1
value 0.00053
scoring_system epss
scoring_elements 0.16588
published_at 2026-04-07T12:55:00Z
2
value 0.00053
scoring_system epss
scoring_elements 0.16673
published_at 2026-04-08T12:55:00Z
3
value 0.00053
scoring_system epss
scoring_elements 0.16727
published_at 2026-04-09T12:55:00Z
4
value 0.00053
scoring_system epss
scoring_elements 0.16706
published_at 2026-04-11T12:55:00Z
5
value 0.00054
scoring_system epss
scoring_elements 0.16989
published_at 2026-04-04T12:55:00Z
6
value 0.00061
scoring_system epss
scoring_elements 0.19006
published_at 2026-04-18T12:55:00Z
7
value 0.00061
scoring_system epss
scoring_elements 0.19091
published_at 2026-04-12T12:55:00Z
8
value 0.00061
scoring_system epss
scoring_elements 0.19038
published_at 2026-04-13T12:55:00Z
9
value 0.00061
scoring_system epss
scoring_elements 0.18994
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3429
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2443771
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2443771
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178
8
reference_url https://github.com/keycloak/keycloak/issues/47069
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47069
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3429
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3429
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
14
reference_url https://github.com/advisories/GHSA-8g9r-9wjw-37j4
reference_id GHSA-8g9r-9wjw-37j4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8g9r-9wjw-37j4
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cf37-8d6y-r3d5
1
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-3429, GHSA-8g9r-9wjw-37j4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qgbq-s33g-d7af
16
url VCID-uuf2-u7xh-uuef
vulnerability_id VCID-uuf2-u7xh-uuef
summary 
Keycloak does not invalidate offline sessions when the offline_access scope is removed
A flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and assumes that offline sessions are no longer available, but they are.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:21370
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/
url https://access.redhat.com/errata/RHSA-2025:21370
1
reference_url https://access.redhat.com/errata/RHSA-2025:21371
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/
url https://access.redhat.com/errata/RHSA-2025:21371
2
reference_url https://access.redhat.com/errata/RHSA-2025:22088
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/
url https://access.redhat.com/errata/RHSA-2025:22088
3
reference_url https://access.redhat.com/errata/RHSA-2025:22089
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/
url https://access.redhat.com/errata/RHSA-2025:22089
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12110.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12110.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-12110
reference_id
reference_type
scores
0
value 0.00056
scoring_system epss
scoring_elements 0.17422
published_at 2026-04-18T12:55:00Z
1
value 0.00056
scoring_system epss
scoring_elements 0.17639
published_at 2026-04-02T12:55:00Z
2
value 0.00056
scoring_system epss
scoring_elements 0.17685
published_at 2026-04-04T12:55:00Z
3
value 0.00056
scoring_system epss
scoring_elements 0.17403
published_at 2026-04-07T12:55:00Z
4
value 0.00056
scoring_system epss
scoring_elements 0.17495
published_at 2026-04-08T12:55:00Z
5
value 0.00056
scoring_system epss
scoring_elements 0.17556
published_at 2026-04-09T12:55:00Z
6
value 0.00056
scoring_system epss
scoring_elements 0.17569
published_at 2026-04-11T12:55:00Z
7
value 0.00056
scoring_system epss
scoring_elements 0.17522
published_at 2026-04-12T12:55:00Z
8
value 0.00056
scoring_system epss
scoring_elements 0.17469
published_at 2026-04-13T12:55:00Z
9
value 0.00056
scoring_system epss
scoring_elements 0.17411
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-12110
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2406033
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2406033
7
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
8
reference_url https://github.com/keycloak/keycloak/commit/54e1c8af1e089ad33d32e0f2792610e4b8df421b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/54e1c8af1e089ad33d32e0f2792610e4b8df421b
9
reference_url https://github.com/keycloak/keycloak/commit/c830a27928cac4294619af7d147bdff34d4a85e7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/c830a27928cac4294619af7d147bdff34d4a85e7
10
reference_url https://github.com/keycloak/keycloak/pull/43790
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/
url https://github.com/keycloak/keycloak/pull/43790
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
13
reference_url https://access.redhat.com/security/cve/CVE-2025-12110
reference_id CVE-2025-12110
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/
url https://access.redhat.com/security/cve/CVE-2025-12110
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-12110
reference_id CVE-2025-12110
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-12110
15
reference_url https://github.com/advisories/GHSA-895x-rfqp-jh5c
reference_id GHSA-895x-rfqp-jh5c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-895x-rfqp-jh5c
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.3
purl pkg:maven/org.keycloak/keycloak-services@26.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5f8r-n4mm-y3g6
2
vulnerability VCID-5vwq-aqk5-nkh9
3
vulnerability VCID-7c1j-kcbb-v3f1
4
vulnerability VCID-9f1k-z7z2-d7cc
5
vulnerability VCID-gnxr-2t9g-4ye4
6
vulnerability VCID-gzz6-md9v-b3em
7
vulnerability VCID-m3uj-4mag-kbf2
8
vulnerability VCID-mku9-3bpp-aqbk
9
vulnerability VCID-nxhc-rp71-hbdk
10
vulnerability VCID-qgbq-s33g-d7af
11
vulnerability VCID-ver5-9t6m-c3ef
12
vulnerability VCID-w5f1-xryr-fucq
13
vulnerability VCID-x4aw-v76q-vbdc
14
vulnerability VCID-xd7x-aevv-cfcp
15
vulnerability VCID-xfnw-15sz-zyfr
16
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.3
aliases CVE-2025-12110, GHSA-895x-rfqp-jh5c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uuf2-u7xh-uuef
17
url VCID-ver5-9t6m-c3ef
vulnerability_id VCID-ver5-9t6m-c3ef
summary 
Keycloak Admin REST API exposes backend schema and rules
A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/
url https://access.redhat.com/errata/RHSA-2026:6477
1
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/
url https://access.redhat.com/errata/RHSA-2026:6478
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json
3
reference_url https://access.redhat.com/security/cve/CVE-2025-14083
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/
url https://access.redhat.com/security/cve/CVE-2025-14083
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14083
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.10165
published_at 2026-04-02T12:55:00Z
1
value 0.00037
scoring_system epss
scoring_elements 0.1077
published_at 2026-04-18T12:55:00Z
2
value 0.00037
scoring_system epss
scoring_elements 0.10994
published_at 2026-04-04T12:55:00Z
3
value 0.00037
scoring_system epss
scoring_elements 0.10819
published_at 2026-04-07T12:55:00Z
4
value 0.00037
scoring_system epss
scoring_elements 0.10894
published_at 2026-04-08T12:55:00Z
5
value 0.00037
scoring_system epss
scoring_elements 0.10947
published_at 2026-04-09T12:55:00Z
6
value 0.00037
scoring_system epss
scoring_elements 0.10948
published_at 2026-04-11T12:55:00Z
7
value 0.00037
scoring_system epss
scoring_elements 0.10915
published_at 2026-04-12T12:55:00Z
8
value 0.00037
scoring_system epss
scoring_elements 0.10893
published_at 2026-04-13T12:55:00Z
9
value 0.00037
scoring_system epss
scoring_elements 0.10758
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14083
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2419086
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2419086
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/issues/45493
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/45493
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14083
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-14083
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
10
reference_url https://github.com/advisories/GHSA-594w-2fwp-jwrc
reference_id GHSA-594w-2fwp-jwrc
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-594w-2fwp-jwrc
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.0
purl pkg:maven/org.keycloak/keycloak-services@26.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5vwq-aqk5-nkh9
2
vulnerability VCID-7c1j-kcbb-v3f1
3
vulnerability VCID-8vzz-naas-a7ab
4
vulnerability VCID-epcy-krft-z7d4
5
vulnerability VCID-gnxr-2t9g-4ye4
6
vulnerability VCID-gzz6-md9v-b3em
7
vulnerability VCID-jsvn-26y8-q3ey
8
vulnerability VCID-m3uj-4mag-kbf2
9
vulnerability VCID-mku9-3bpp-aqbk
10
vulnerability VCID-qgbq-s33g-d7af
11
vulnerability VCID-tc9b-zzjt-63c7
12
vulnerability VCID-x4aw-v76q-vbdc
13
vulnerability VCID-xd7x-aevv-cfcp
14
vulnerability VCID-xfnw-15sz-zyfr
15
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0
aliases CVE-2025-14083, GHSA-594w-2fwp-jwrc
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ver5-9t6m-c3ef
18
url VCID-vstv-ec14-quc5
vulnerability_id VCID-vstv-ec14-quc5
summary 
Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-wq8x-cg39-8mrr. This link is maintained to preserve external references.

## Original Description
A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.
references
0
reference_url https://access.redhat.com/errata/RHSA-2024:10175
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:10175
1
reference_url https://access.redhat.com/errata/RHSA-2024:10176
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:10176
2
reference_url https://access.redhat.com/errata/RHSA-2024:10177
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:10177
3
reference_url https://access.redhat.com/errata/RHSA-2024:10178
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2024:10178
4
reference_url https://access.redhat.com/security/cve/CVE-2024-10270
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2024-10270
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2321214
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2321214
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-10270
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-10270
7
reference_url https://github.com/advisories/GHSA-j3x3-r585-4qhg
reference_id GHSA-j3x3-r585-4qhg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j3x3-r585-4qhg
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.0.6
purl pkg:maven/org.keycloak/keycloak-services@26.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5f8r-n4mm-y3g6
2
vulnerability VCID-5vwq-aqk5-nkh9
3
vulnerability VCID-7c1j-kcbb-v3f1
4
vulnerability VCID-bhrr-nn9f-7udu
5
vulnerability VCID-by72-dvnw-m3gu
6
vulnerability VCID-cdsa-wmby-ebbq
7
vulnerability VCID-d2rd-6u56-yfd8
8
vulnerability VCID-e4ub-v4ef-affb
9
vulnerability VCID-gnxr-2t9g-4ye4
10
vulnerability VCID-gzz6-md9v-b3em
11
vulnerability VCID-m3uj-4mag-kbf2
12
vulnerability VCID-mku9-3bpp-aqbk
13
vulnerability VCID-nxhc-rp71-hbdk
14
vulnerability VCID-qgbq-s33g-d7af
15
vulnerability VCID-uuf2-u7xh-uuef
16
vulnerability VCID-ver5-9t6m-c3ef
17
vulnerability VCID-w5f1-xryr-fucq
18
vulnerability VCID-x4aw-v76q-vbdc
19
vulnerability VCID-xd7x-aevv-cfcp
20
vulnerability VCID-xfnw-15sz-zyfr
21
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.6
aliases GHSA-j3x3-r585-4qhg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vstv-ec14-quc5
19
url VCID-w5f1-xryr-fucq
vulnerability_id VCID-w5f1-xryr-fucq
summary 
Keycloak does not validate and update refresh token usage atomically
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. This allows concurrent refresh requests to bypass single-use enforcement and issue multiple access tokens from the same refresh token. As a result, Keycloak’s refresh token rotation hardening can be undermined.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/
url https://access.redhat.com/errata/RHSA-2026:6477
1
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/
url https://access.redhat.com/errata/RHSA-2026:6478
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-1035
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/
url https://access.redhat.com/security/cve/CVE-2026-1035
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1035
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01222
published_at 2026-04-18T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01204
published_at 2026-04-02T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01219
published_at 2026-04-04T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01228
published_at 2026-04-07T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01234
published_at 2026-04-08T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.01237
published_at 2026-04-09T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.0122
published_at 2026-04-11T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.01214
published_at 2026-04-12T12:55:00Z
8
value 0.00011
scoring_system epss
scoring_elements 0.01216
published_at 2026-04-13T12:55:00Z
9
value 0.00011
scoring_system epss
scoring_elements 0.01209
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1035
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2430314
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2430314
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/issues/45647
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/45647
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1035
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1035
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
13
reference_url https://github.com/advisories/GHSA-m2w5-7xhv-w6fh
reference_id GHSA-m2w5-7xhv-w6fh
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m2w5-7xhv-w6fh
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.0
purl pkg:maven/org.keycloak/keycloak-services@26.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5vwq-aqk5-nkh9
2
vulnerability VCID-7c1j-kcbb-v3f1
3
vulnerability VCID-8vzz-naas-a7ab
4
vulnerability VCID-epcy-krft-z7d4
5
vulnerability VCID-gnxr-2t9g-4ye4
6
vulnerability VCID-gzz6-md9v-b3em
7
vulnerability VCID-jsvn-26y8-q3ey
8
vulnerability VCID-m3uj-4mag-kbf2
9
vulnerability VCID-mku9-3bpp-aqbk
10
vulnerability VCID-qgbq-s33g-d7af
11
vulnerability VCID-tc9b-zzjt-63c7
12
vulnerability VCID-x4aw-v76q-vbdc
13
vulnerability VCID-xd7x-aevv-cfcp
14
vulnerability VCID-xfnw-15sz-zyfr
15
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0
aliases CVE-2026-1035, GHSA-m2w5-7xhv-w6fh
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w5f1-xryr-fucq
20
url VCID-x4aw-v76q-vbdc
vulnerability_id VCID-x4aw-v76q-vbdc
summary 
Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass
A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:21370
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/errata/RHSA-2025:21370
1
reference_url https://access.redhat.com/errata/RHSA-2025:21371
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/errata/RHSA-2025:21371
2
reference_url https://access.redhat.com/errata/RHSA-2025:22088
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/errata/RHSA-2025:22088
3
reference_url https://access.redhat.com/errata/RHSA-2025:22089
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/errata/RHSA-2025:22089
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json
5
reference_url https://access.redhat.com/security/cve/CVE-2025-12150
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/security/cve/CVE-2025-12150
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-12150
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01605
published_at 2026-04-18T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01613
published_at 2026-04-11T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01619
published_at 2026-04-07T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.0162
published_at 2026-04-08T12:55:00Z
4
value 0.00012
scoring_system epss
scoring_elements 0.01627
published_at 2026-04-09T12:55:00Z
5
value 0.00012
scoring_system epss
scoring_elements 0.01604
published_at 2026-04-12T12:55:00Z
6
value 0.00012
scoring_system epss
scoring_elements 0.01603
published_at 2026-04-13T12:55:00Z
7
value 0.00012
scoring_system epss
scoring_elements 0.01591
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-12150
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2406192
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2406192
8
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
9
reference_url https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339
10
reference_url https://github.com/keycloak/keycloak/issues/35110
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/35110
11
reference_url https://github.com/keycloak/keycloak/issues/43723
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://github.com/keycloak/keycloak/issues/43723
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-12150
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-12150
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
15
reference_url https://github.com/advisories/GHSA-7g5x-9c4v-4w5r
reference_id GHSA-7g5x-9c4v-4w5r
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7g5x-9c4v-4w5r
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.4.4
purl pkg:maven/org.keycloak/keycloak-services@26.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vwq-aqk5-nkh9
1
vulnerability VCID-7c1j-kcbb-v3f1
2
vulnerability VCID-gzz6-md9v-b3em
3
vulnerability VCID-m3uj-4mag-kbf2
4
vulnerability VCID-qgbq-s33g-d7af
5
vulnerability VCID-xd7x-aevv-cfcp
6
vulnerability VCID-xfnw-15sz-zyfr
7
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.4
aliases CVE-2025-12150, GHSA-7g5x-9c4v-4w5r
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x4aw-v76q-vbdc
21
url VCID-xd7x-aevv-cfcp
vulnerability_id VCID-xd7x-aevv-cfcp
summary 
Keycloak: Denial of Service due to excessive SAMLRequest decompression
A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryError (OOM) and subsequent process termination. This vulnerability allows an attacker to disrupt the availability of the service.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/
url https://access.redhat.com/errata/RHSA-2026:3947
1
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/
url https://access.redhat.com/errata/RHSA-2026:3948
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-2575
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/
url https://access.redhat.com/security/cve/CVE-2026-2575
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2575
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.08376
published_at 2026-04-18T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.08475
published_at 2026-04-02T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.08531
published_at 2026-04-04T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.08449
published_at 2026-04-07T12:55:00Z
4
value 0.0003
scoring_system epss
scoring_elements 0.08523
published_at 2026-04-08T12:55:00Z
5
value 0.0003
scoring_system epss
scoring_elements 0.08543
published_at 2026-04-09T12:55:00Z
6
value 0.0003
scoring_system epss
scoring_elements 0.08537
published_at 2026-04-11T12:55:00Z
7
value 0.0003
scoring_system epss
scoring_elements 0.08517
published_at 2026-04-12T12:55:00Z
8
value 0.0003
scoring_system epss
scoring_elements 0.08501
published_at 2026-04-13T12:55:00Z
9
value 0.0003
scoring_system epss
scoring_elements 0.08393
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2575
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440149
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440149
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04
8
reference_url https://github.com/keycloak/keycloak/issues/46372
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46372
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2575
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2575
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
11
reference_url https://github.com/advisories/GHSA-xv6h-r36f-3gp5
reference_id GHSA-xv6h-r36f-3gp5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xv6h-r36f-3gp5
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.4
purl pkg:maven/org.keycloak/keycloak-services@26.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c1j-kcbb-v3f1
1
vulnerability VCID-gzz6-md9v-b3em
2
vulnerability VCID-qgbq-s33g-d7af
3
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4
aliases CVE-2026-2575, GHSA-xv6h-r36f-3gp5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xd7x-aevv-cfcp
22
url VCID-xfnw-15sz-zyfr
vulnerability_id VCID-xfnw-15sz-zyfr
summary 
Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions
A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/
url https://access.redhat.com/errata/RHSA-2026:6477
1
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/
url https://access.redhat.com/errata/RHSA-2026:6478
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14082
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01382
published_at 2026-04-02T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01613
published_at 2026-04-09T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01605
published_at 2026-04-07T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01607
published_at 2026-04-08T12:55:00Z
4
value 0.00012
scoring_system epss
scoring_elements 0.01604
published_at 2026-04-04T12:55:00Z
5
value 0.00013
scoring_system epss
scoring_elements 0.021
published_at 2026-04-18T12:55:00Z
6
value 0.00013
scoring_system epss
scoring_elements 0.02131
published_at 2026-04-11T12:55:00Z
7
value 0.00013
scoring_system epss
scoring_elements 0.02116
published_at 2026-04-12T12:55:00Z
8
value 0.00013
scoring_system epss
scoring_elements 0.02111
published_at 2026-04-13T12:55:00Z
9
value 0.00013
scoring_system epss
scoring_elements 0.02087
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14082
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2419078
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2419078
5
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
6
reference_url https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
8
reference_url https://access.redhat.com/security/cve/CVE-2025-14082
reference_id CVE-2025-14082
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/
url https://access.redhat.com/security/cve/CVE-2025-14082
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14082
reference_id CVE-2025-14082
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-14082
10
reference_url https://github.com/advisories/GHSA-6q37-7866-h27j
reference_id GHSA-6q37-7866-h27j
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6q37-7866-h27j
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.0
purl pkg:maven/org.keycloak/keycloak-services@26.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5vwq-aqk5-nkh9
1
vulnerability VCID-7c1j-kcbb-v3f1
2
vulnerability VCID-8vzz-naas-a7ab
3
vulnerability VCID-a5d9-k9vd-fyfe
4
vulnerability VCID-baux-3v7g-tucw
5
vulnerability VCID-gzz6-md9v-b3em
6
vulnerability VCID-j5bq-q689-qbg3
7
vulnerability VCID-jsvn-26y8-q3ey
8
vulnerability VCID-khfk-1gas-vfan
9
vulnerability VCID-m3uj-4mag-kbf2
10
vulnerability VCID-qgbq-s33g-d7af
11
vulnerability VCID-tc9b-zzjt-63c7
12
vulnerability VCID-xd7x-aevv-cfcp
13
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.0
aliases CVE-2025-14082, GHSA-6q37-7866-h27j
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xfnw-15sz-zyfr
23
url VCID-y1h3-yyn9-53fr
vulnerability_id VCID-y1h3-yyn9-53fr
summary 
Keycloak: Unauthorized authentication via disabled SAML Identity Provider
A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3925
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3925
1
reference_url https://access.redhat.com/errata/RHSA-2026:3926
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3926
2
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3947
3
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3948
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json
5
reference_url https://access.redhat.com/security/cve/CVE-2026-2603
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/security/cve/CVE-2026-2603
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2603
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.3858
published_at 2026-04-04T12:55:00Z
1
value 0.00172
scoring_system epss
scoring_elements 0.38518
published_at 2026-04-11T12:55:00Z
2
value 0.00172
scoring_system epss
scoring_elements 0.38504
published_at 2026-04-09T12:55:00Z
3
value 0.00172
scoring_system epss
scoring_elements 0.38495
published_at 2026-04-08T12:55:00Z
4
value 0.00172
scoring_system epss
scoring_elements 0.38444
published_at 2026-04-07T12:55:00Z
5
value 0.00172
scoring_system epss
scoring_elements 0.38556
published_at 2026-04-02T12:55:00Z
6
value 0.00227
scoring_system epss
scoring_elements 0.45478
published_at 2026-04-18T12:55:00Z
7
value 0.00227
scoring_system epss
scoring_elements 0.45429
published_at 2026-04-12T12:55:00Z
8
value 0.00227
scoring_system epss
scoring_elements 0.4543
published_at 2026-04-13T12:55:00Z
9
value 0.00227
scoring_system epss
scoring_elements 0.45482
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2603
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440300
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440300
8
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
9
reference_url https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132
10
reference_url https://github.com/keycloak/keycloak/issues/46911
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46911
11
reference_url https://github.com/keycloak/keycloak/pull/46932
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/46932
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2603
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2603
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
15
reference_url https://github.com/advisories/GHSA-x4p7-7chp-64hq
reference_id GHSA-x4p7-7chp-64hq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x4p7-7chp-64hq
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.6.0
purl pkg:maven/org.keycloak/keycloak-services@26.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mdkf-3bgs-w7dm
1
vulnerability VCID-ugtk-3bjv-s3a4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.0
aliases CVE-2026-2603, GHSA-x4p7-7chp-64hq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y1h3-yyn9-53fr
Fixing_vulnerabilities
0
url VCID-5zh4-963a-q3gp
vulnerability_id VCID-5zh4-963a-q3gp
summary 
Keycloak vulnerable to session takeovers due to reuse of session identifiers
A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As a result, one user may receive tokens that belong to another user.
references
0
reference_url https://access.redhat.com/errata/RHSA-2025:21370
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/
url https://access.redhat.com/errata/RHSA-2025:21370
1
reference_url https://access.redhat.com/errata/RHSA-2025:21371
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/
url https://access.redhat.com/errata/RHSA-2025:21371
2
reference_url https://access.redhat.com/errata/RHSA-2025:22088
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/
url https://access.redhat.com/errata/RHSA-2025:22088
3
reference_url https://access.redhat.com/errata/RHSA-2025:22089
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/
url https://access.redhat.com/errata/RHSA-2025:22089
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12390.json
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12390.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-12390
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.0135
published_at 2026-04-04T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01345
published_at 2026-04-02T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03043
published_at 2026-04-18T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03101
published_at 2026-04-07T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.03106
published_at 2026-04-08T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.03131
published_at 2026-04-09T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.03093
published_at 2026-04-11T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.03069
published_at 2026-04-12T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.03057
published_at 2026-04-13T12:55:00Z
9
value 0.00015
scoring_system epss
scoring_elements 0.03033
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-12390
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2406793
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2406793
7
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
8
reference_url https://github.com/keycloak/keycloak/commit/5344aada5ee06b02ec3a9e0f52fa381d085b6282
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/5344aada5ee06b02ec3a9e0f52fa381d085b6282
9
reference_url https://github.com/keycloak/keycloak/commit/b46fab230824a2304daafe74be019e8bd4ee590a
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/b46fab230824a2304daafe74be019e8bd4ee590a
10
reference_url https://github.com/keycloak/keycloak/commit/d82438a611f2f869f1966c13012953fe963a493d
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/d82438a611f2f869f1966c13012953fe963a493d
11
reference_url https://github.com/keycloak/keycloak/commit/ef75a4dc50aa9459777494e4b88655100bf2ac80
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/ef75a4dc50aa9459777494e4b88655100bf2ac80
12
reference_url https://github.com/keycloak/keycloak/discussions/31265
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/discussions/31265
13
reference_url https://github.com/keycloak/keycloak/issues/32197
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/32197
14
reference_url https://github.com/keycloak/keycloak/issues/43853
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/
url https://github.com/keycloak/keycloak/issues/43853
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
17
reference_url https://access.redhat.com/security/cve/CVE-2025-12390
reference_id CVE-2025-12390
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/
url https://access.redhat.com/security/cve/CVE-2025-12390
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-12390
reference_id CVE-2025-12390
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-12390
19
reference_url https://github.com/advisories/GHSA-rg35-5v25-mqvp
reference_id GHSA-rg35-5v25-mqvp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rg35-5v25-mqvp
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.0.0
purl pkg:maven/org.keycloak/keycloak-services@26.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dgp-xdrz-q7dv
1
vulnerability VCID-5f8r-n4mm-y3g6
2
vulnerability VCID-5vwq-aqk5-nkh9
3
vulnerability VCID-7c1j-kcbb-v3f1
4
vulnerability VCID-bhrr-nn9f-7udu
5
vulnerability VCID-by72-dvnw-m3gu
6
vulnerability VCID-cdsa-wmby-ebbq
7
vulnerability VCID-d2rd-6u56-yfd8
8
vulnerability VCID-e4ub-v4ef-affb
9
vulnerability VCID-gnxr-2t9g-4ye4
10
vulnerability VCID-gzz6-md9v-b3em
11
vulnerability VCID-m3uj-4mag-kbf2
12
vulnerability VCID-mku9-3bpp-aqbk
13
vulnerability VCID-nxhc-rp71-hbdk
14
vulnerability VCID-pjgz-fa5h-tkfh
15
vulnerability VCID-qgbq-s33g-d7af
16
vulnerability VCID-uuf2-u7xh-uuef
17
vulnerability VCID-ver5-9t6m-c3ef
18
vulnerability VCID-vstv-ec14-quc5
19
vulnerability VCID-w5f1-xryr-fucq
20
vulnerability VCID-x4aw-v76q-vbdc
21
vulnerability VCID-xd7x-aevv-cfcp
22
vulnerability VCID-xfnw-15sz-zyfr
23
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.0
aliases CVE-2025-12390, GHSA-rg35-5v25-mqvp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5zh4-963a-q3gp
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.0