Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.keycloak/keycloak-services@26.5.5
Typemaven
Namespaceorg.keycloak
Namekeycloak-services
Version26.5.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-7c1j-kcbb-v3f1
vulnerability_id VCID-7c1j-kcbb-v3f1
summary 
Keycloak: Information disclosure of disabled user attributes via administrative endpoint
A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6477
1
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6478
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-3911
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/
url https://access.redhat.com/security/cve/CVE-2026-3911
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3911
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01414
published_at 2026-04-09T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01407
published_at 2026-04-11T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01402
published_at 2026-04-04T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01254
published_at 2026-04-02T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01408
published_at 2026-04-07T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.01413
published_at 2026-04-08T12:55:00Z
6
value 0.00012
scoring_system epss
scoring_elements 0.01857
published_at 2026-04-21T12:55:00Z
7
value 0.00012
scoring_system epss
scoring_elements 0.01788
published_at 2026-04-12T12:55:00Z
8
value 0.00012
scoring_system epss
scoring_elements 0.01786
published_at 2026-04-13T12:55:00Z
9
value 0.00012
scoring_system epss
scoring_elements 0.01775
published_at 2026-04-16T12:55:00Z
10
value 0.00012
scoring_system epss
scoring_elements 0.01773
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3911
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2446392
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2446392
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9
8
reference_url https://github.com/keycloak/keycloak/issues/46922
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46922
9
reference_url https://github.com/keycloak/keycloak/pull/46923
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/46923
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3911
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3911
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
12
reference_url https://github.com/advisories/GHSA-xh32-c9wx-phrp
reference_id GHSA-xh32-c9wx-phrp
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xh32-c9wx-phrp
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.6
purl pkg:maven/org.keycloak/keycloak-services@26.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a5d9-k9vd-fyfe
1
vulnerability VCID-mdkf-3bgs-w7dm
2
vulnerability VCID-qgbq-s33g-d7af
3
vulnerability VCID-ugtk-3bjv-s3a4
4
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6
aliases CVE-2026-3911, GHSA-xh32-c9wx-phrp
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7c1j-kcbb-v3f1
1
url VCID-c1zj-whnw-1qf6
vulnerability_id VCID-c1zj-whnw-1qf6
summary Keycloak: Arbitrary code execution via Stored Cross-Site Scripting (XSS) in organization selection login page
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37980.json
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37980.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-37980
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.15521
published_at 2026-04-16T12:55:00Z
1
value 0.0005
scoring_system epss
scoring_elements 0.15531
published_at 2026-04-18T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.17118
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-37980
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455325
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:42:46Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2455325
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/issues/48049
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/48049
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
6
reference_url https://access.redhat.com/security/cve/CVE-2026-37980
reference_id CVE-2026-37980
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:42:46Z/
url https://access.redhat.com/security/cve/CVE-2026-37980
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-37980
reference_id CVE-2026-37980
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-37980
8
reference_url https://github.com/advisories/GHSA-m32f-8vh9-2hh3
reference_id GHSA-m32f-8vh9-2hh3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m32f-8vh9-2hh3
fixed_packages
aliases CVE-2026-37980, GHSA-m32f-8vh9-2hh3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c1zj-whnw-1qf6
2
url VCID-qgbq-s33g-d7af
vulnerability_id VCID-qgbq-s33g-d7af
summary 
Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API
A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered MFA/OTP credential without first proving possession of that factor. The attacker can then register their own MFA device, effectively taking full control of the account. This weakness undermines the intended protection provided by multi-factor authentication.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6477
1
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6478
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-3429
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/
url https://access.redhat.com/security/cve/CVE-2026-3429
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3429
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.13935
published_at 2026-04-02T12:55:00Z
1
value 0.00053
scoring_system epss
scoring_elements 0.16588
published_at 2026-04-07T12:55:00Z
2
value 0.00053
scoring_system epss
scoring_elements 0.16673
published_at 2026-04-08T12:55:00Z
3
value 0.00053
scoring_system epss
scoring_elements 0.16727
published_at 2026-04-09T12:55:00Z
4
value 0.00053
scoring_system epss
scoring_elements 0.16706
published_at 2026-04-11T12:55:00Z
5
value 0.00054
scoring_system epss
scoring_elements 0.16989
published_at 2026-04-04T12:55:00Z
6
value 0.00061
scoring_system epss
scoring_elements 0.19015
published_at 2026-04-21T12:55:00Z
7
value 0.00061
scoring_system epss
scoring_elements 0.19091
published_at 2026-04-12T12:55:00Z
8
value 0.00061
scoring_system epss
scoring_elements 0.19038
published_at 2026-04-13T12:55:00Z
9
value 0.00061
scoring_system epss
scoring_elements 0.18994
published_at 2026-04-16T12:55:00Z
10
value 0.00061
scoring_system epss
scoring_elements 0.19006
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3429
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2443771
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2443771
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178
8
reference_url https://github.com/keycloak/keycloak/issues/47069
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47069
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3429
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3429
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
14
reference_url https://github.com/advisories/GHSA-8g9r-9wjw-37j4
reference_id GHSA-8g9r-9wjw-37j4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8g9r-9wjw-37j4
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cf37-8d6y-r3d5
1
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-3429, GHSA-8g9r-9wjw-37j4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qgbq-s33g-d7af
3
url VCID-tc9b-zzjt-63c7
vulnerability_id VCID-tc9b-zzjt-63c7
summary 
Keycloak: Unauthorized access via improper validation of encrypted SAML assertions
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3925
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/errata/RHSA-2026:3925
1
reference_url https://access.redhat.com/errata/RHSA-2026:3926
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/errata/RHSA-2026:3926
2
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/errata/RHSA-2026:3947
3
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/errata/RHSA-2026:3948
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2092.json
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2092.json
5
reference_url https://access.redhat.com/security/cve/CVE-2026-2092
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/security/cve/CVE-2026-2092
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2092
reference_id
reference_type
scores
0
value 0.00079
scoring_system epss
scoring_elements 0.23452
published_at 2026-04-09T12:55:00Z
1
value 0.00079
scoring_system epss
scoring_elements 0.23401
published_at 2026-04-08T12:55:00Z
2
value 0.00079
scoring_system epss
scoring_elements 0.23471
published_at 2026-04-11T12:55:00Z
3
value 0.00079
scoring_system epss
scoring_elements 0.23329
published_at 2026-04-07T12:55:00Z
4
value 0.00079
scoring_system epss
scoring_elements 0.23508
published_at 2026-04-02T12:55:00Z
5
value 0.00079
scoring_system epss
scoring_elements 0.23433
published_at 2026-04-12T12:55:00Z
6
value 0.00079
scoring_system epss
scoring_elements 0.23378
published_at 2026-04-13T12:55:00Z
7
value 0.00079
scoring_system epss
scoring_elements 0.23396
published_at 2026-04-16T12:55:00Z
8
value 0.00079
scoring_system epss
scoring_elements 0.2339
published_at 2026-04-18T12:55:00Z
9
value 0.00079
scoring_system epss
scoring_elements 0.23545
published_at 2026-04-04T12:55:00Z
10
value 0.00091
scoring_system epss
scoring_elements 0.25573
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2092
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2437296
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2437296
8
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
9
reference_url https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2092
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2092
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
13
reference_url https://github.com/advisories/GHSA-wmxr-6j5f-838p
reference_id GHSA-wmxr-6j5f-838p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wmxr-6j5f-838p
fixed_packages
aliases CVE-2026-2092, GHSA-wmxr-6j5f-838p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tc9b-zzjt-63c7
4
url VCID-y1h3-yyn9-53fr
vulnerability_id VCID-y1h3-yyn9-53fr
summary 
Keycloak: Unauthorized authentication via disabled SAML Identity Provider
A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3925
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3925
1
reference_url https://access.redhat.com/errata/RHSA-2026:3926
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3926
2
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3947
3
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3948
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json
5
reference_url https://access.redhat.com/security/cve/CVE-2026-2603
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/security/cve/CVE-2026-2603
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2603
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.3858
published_at 2026-04-04T12:55:00Z
1
value 0.00172
scoring_system epss
scoring_elements 0.38518
published_at 2026-04-11T12:55:00Z
2
value 0.00172
scoring_system epss
scoring_elements 0.38504
published_at 2026-04-09T12:55:00Z
3
value 0.00172
scoring_system epss
scoring_elements 0.38495
published_at 2026-04-08T12:55:00Z
4
value 0.00172
scoring_system epss
scoring_elements 0.38444
published_at 2026-04-07T12:55:00Z
5
value 0.00172
scoring_system epss
scoring_elements 0.38556
published_at 2026-04-02T12:55:00Z
6
value 0.00227
scoring_system epss
scoring_elements 0.4543
published_at 2026-04-13T12:55:00Z
7
value 0.00227
scoring_system epss
scoring_elements 0.45429
published_at 2026-04-12T12:55:00Z
8
value 0.00227
scoring_system epss
scoring_elements 0.45482
published_at 2026-04-16T12:55:00Z
9
value 0.00227
scoring_system epss
scoring_elements 0.45478
published_at 2026-04-18T12:55:00Z
10
value 0.00261
scoring_system epss
scoring_elements 0.4948
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2603
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440300
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440300
8
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
9
reference_url https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132
10
reference_url https://github.com/keycloak/keycloak/issues/46911
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46911
11
reference_url https://github.com/keycloak/keycloak/pull/46932
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/46932
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2603
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2603
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
15
reference_url https://github.com/advisories/GHSA-x4p7-7chp-64hq
reference_id GHSA-x4p7-7chp-64hq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x4p7-7chp-64hq
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.6.0
purl pkg:maven/org.keycloak/keycloak-services@26.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mdkf-3bgs-w7dm
1
vulnerability VCID-ugtk-3bjv-s3a4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.0
aliases CVE-2026-2603, GHSA-x4p7-7chp-64hq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y1h3-yyn9-53fr
Fixing_vulnerabilities
0
url VCID-gzz6-md9v-b3em
vulnerability_id VCID-gzz6-md9v-b3em
summary 
Keycloak allows authentication using an Identity Provider (IdP) even after it has been disabled by an administrator
A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://access.redhat.com/errata/RHSA-2026:3947
1
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://access.redhat.com/errata/RHSA-2026:3948
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-3009
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://access.redhat.com/security/cve/CVE-2026-3009
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3009
reference_id
reference_type
scores
0
value 0.00027
scoring_system epss
scoring_elements 0.07718
published_at 2026-04-04T12:55:00Z
1
value 0.00027
scoring_system epss
scoring_elements 0.07686
published_at 2026-04-02T12:55:00Z
2
value 0.00032
scoring_system epss
scoring_elements 0.09121
published_at 2026-04-11T12:55:00Z
3
value 0.00032
scoring_system epss
scoring_elements 0.0909
published_at 2026-04-12T12:55:00Z
4
value 0.00032
scoring_system epss
scoring_elements 0.09076
published_at 2026-04-13T12:55:00Z
5
value 0.00032
scoring_system epss
scoring_elements 0.08971
published_at 2026-04-16T12:55:00Z
6
value 0.00032
scoring_system epss
scoring_elements 0.09009
published_at 2026-04-07T12:55:00Z
7
value 0.00032
scoring_system epss
scoring_elements 0.0895
published_at 2026-04-18T12:55:00Z
8
value 0.00032
scoring_system epss
scoring_elements 0.09103
published_at 2026-04-21T12:55:00Z
9
value 0.00032
scoring_system epss
scoring_elements 0.0912
published_at 2026-04-09T12:55:00Z
10
value 0.00032
scoring_system epss
scoring_elements 0.09089
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3009
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441867
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2441867
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a
8
reference_url https://github.com/keycloak/keycloak/issues/46911
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46911
9
reference_url https://github.com/keycloak/keycloak/releases/tag/26.5.5
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.5.5
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3009
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3009
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
15
reference_url https://github.com/advisories/GHSA-m297-3jv9-m927
reference_id GHSA-m297-3jv9-m927
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m297-3jv9-m927
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.5
purl pkg:maven/org.keycloak/keycloak-services@26.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c1j-kcbb-v3f1
1
vulnerability VCID-c1zj-whnw-1qf6
2
vulnerability VCID-qgbq-s33g-d7af
3
vulnerability VCID-tc9b-zzjt-63c7
4
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5
aliases CVE-2026-3009, GHSA-m297-3jv9-m927
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gzz6-md9v-b3em
1
url VCID-tc9b-zzjt-63c7
vulnerability_id VCID-tc9b-zzjt-63c7
summary 
Keycloak: Unauthorized access via improper validation of encrypted SAML assertions
A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3925
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/errata/RHSA-2026:3925
1
reference_url https://access.redhat.com/errata/RHSA-2026:3926
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/errata/RHSA-2026:3926
2
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/errata/RHSA-2026:3947
3
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/errata/RHSA-2026:3948
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2092.json
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2092.json
5
reference_url https://access.redhat.com/security/cve/CVE-2026-2092
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/security/cve/CVE-2026-2092
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2092
reference_id
reference_type
scores
0
value 0.00079
scoring_system epss
scoring_elements 0.23452
published_at 2026-04-09T12:55:00Z
1
value 0.00079
scoring_system epss
scoring_elements 0.23401
published_at 2026-04-08T12:55:00Z
2
value 0.00079
scoring_system epss
scoring_elements 0.23471
published_at 2026-04-11T12:55:00Z
3
value 0.00079
scoring_system epss
scoring_elements 0.23329
published_at 2026-04-07T12:55:00Z
4
value 0.00079
scoring_system epss
scoring_elements 0.23508
published_at 2026-04-02T12:55:00Z
5
value 0.00079
scoring_system epss
scoring_elements 0.23433
published_at 2026-04-12T12:55:00Z
6
value 0.00079
scoring_system epss
scoring_elements 0.23378
published_at 2026-04-13T12:55:00Z
7
value 0.00079
scoring_system epss
scoring_elements 0.23396
published_at 2026-04-16T12:55:00Z
8
value 0.00079
scoring_system epss
scoring_elements 0.2339
published_at 2026-04-18T12:55:00Z
9
value 0.00079
scoring_system epss
scoring_elements 0.23545
published_at 2026-04-04T12:55:00Z
10
value 0.00091
scoring_system epss
scoring_elements 0.25573
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2092
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2437296
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2437296
8
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
9
reference_url https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2092
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2092
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
13
reference_url https://github.com/advisories/GHSA-wmxr-6j5f-838p
reference_id GHSA-wmxr-6j5f-838p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wmxr-6j5f-838p
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.14
purl pkg:maven/org.keycloak/keycloak-services@26.2.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.14
1
url pkg:maven/org.keycloak/keycloak-services@26.4.10
purl pkg:maven/org.keycloak/keycloak-services@26.4.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.10
2
url pkg:maven/org.keycloak/keycloak-services@26.5.5
purl pkg:maven/org.keycloak/keycloak-services@26.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7c1j-kcbb-v3f1
1
vulnerability VCID-c1zj-whnw-1qf6
2
vulnerability VCID-qgbq-s33g-d7af
3
vulnerability VCID-tc9b-zzjt-63c7
4
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5
aliases CVE-2026-2092, GHSA-wmxr-6j5f-838p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tc9b-zzjt-63c7
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5