Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.keycloak/keycloak-server-spi-private@26.1.0

Type maven

Namespace org.keycloak

Name keycloak-server-spi-private

Version 26.1.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 26.5.6

Latest_non_vulnerable_version 26.5.6

Affected_by_vulnerabilities

url VCID-jue7-bmnv-hqcy

vulnerability_id VCID-jue7-bmnv-hqcy

summary

Keycloak Server Private SPI: Improper Access Control Allows Administrators to Bypass Attribute Visibility Restrictions and Modify Unmanaged User Profile Attributes
A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the system is configured to restrict such modifications.

references

reference_url

https://access.redhat.com/errata/RHSA-2026:2365

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:51:23Z/

url

https://access.redhat.com/errata/RHSA-2026:2365

reference_url

https://access.redhat.com/errata/RHSA-2026:2366

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:51:23Z/

url

https://access.redhat.com/errata/RHSA-2026:2366

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0871.json

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0871.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-0871

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01664
published_at	2026-06-06T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01658
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-0871

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2428881

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:51:23Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2428881

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url

https://github.com/keycloak/keycloak/commit/9d0f679ecea405958f167fcd0f4a6db6ae32c3fa

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/9d0f679ecea405958f167fcd0f4a6db6ae32c3fa

reference_url

https://github.com/keycloak/keycloak/issues/45873

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/issues/45873

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id	cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id	cpe:/a:redhat:jbosseapxp
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id	cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id	cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7

reference_url

https://access.redhat.com/security/cve/CVE-2026-0871

reference_id

CVE-2026-0871

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:51:23Z/

url

https://access.redhat.com/security/cve/CVE-2026-0871

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-0871

reference_id

CVE-2026-0871

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-0871

reference_url

https://github.com/advisories/GHSA-v4jw-m6rm-399h

reference_id

GHSA-v4jw-m6rm-399h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v4jw-m6rm-399h

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.2

purl pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-pq67-ngsq-cbe4

vulnerability	VCID-uxs4-bydz-tbh4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.2

aliases CVE-2026-0871, GHSA-v4jw-m6rm-399h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jue7-bmnv-hqcy

url VCID-pq67-ngsq-cbe4

vulnerability_id VCID-pq67-ngsq-cbe4

summary keycloak: Keycloak: Information Disclosure via improper role enforcement in UMA 2.0 Protection API

references

reference_url

https://access.redhat.com/errata/RHSA-2026:6477

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2026:6477

reference_url

https://access.redhat.com/errata/RHSA-2026:6478

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2026:6478

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json

reference_url

https://access.redhat.com/security/cve/CVE-2026-3190

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/

url

https://access.redhat.com/security/cve/CVE-2026-3190

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-3190

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02148
published_at	2026-06-06T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02142
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-3190

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url

https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694

reference_url

https://github.com/keycloak/keycloak/issues/46723

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/issues/46723

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-3190

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-3190

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2442572

reference_id

2442572

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2442572

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id	cpe:/a:redhat:build_keycloak:
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:

reference_url	https://github.com/advisories/GHSA-q35r-vvhv-vx5h
reference_id	GHSA-q35r-vvhv-vx5h
reference_type
scores
url	https://github.com/advisories/GHSA-q35r-vvhv-vx5h

fixed_packages

url	pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.6
purl	pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.6

aliases CVE-2026-3190, GHSA-q35r-vvhv-vx5h

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pq67-ngsq-cbe4

url VCID-uxs4-bydz-tbh4

vulnerability_id VCID-uxs4-bydz-tbh4

summary keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity Provider

references

reference_url

https://access.redhat.com/errata/RHSA-2026:3925

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/

url

https://access.redhat.com/errata/RHSA-2026:3925

reference_url

https://access.redhat.com/errata/RHSA-2026:3926

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/

url

https://access.redhat.com/errata/RHSA-2026:3926

reference_url

https://access.redhat.com/errata/RHSA-2026:3947

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/

url

https://access.redhat.com/errata/RHSA-2026:3947

reference_url

https://access.redhat.com/errata/RHSA-2026:3948

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/

url

https://access.redhat.com/errata/RHSA-2026:3948

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json

reference_url

https://access.redhat.com/security/cve/CVE-2026-2603

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/

url

https://access.redhat.com/security/cve/CVE-2026-2603

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-2603

reference_id

reference_type

scores

value	0.00226
scoring_system	epss
scoring_elements	0.45463
published_at	2026-06-06T12:55:00Z

value	0.00226
scoring_system	epss
scoring_elements	0.45459
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-2603

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url

https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a

reference_url

https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132

reference_url

https://github.com/keycloak/keycloak/commits/26.5.5

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/commits/26.5.5

reference_url

https://github.com/keycloak/keycloak/issues/46911

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/issues/46911

reference_url

https://github.com/keycloak/keycloak/pull/46932

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak/pull/46932

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-2603

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-2603

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2440300

reference_id

2440300

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2440300

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id	cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id	cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9

reference_url	https://github.com/advisories/GHSA-x4p7-7chp-64hq
reference_id	GHSA-x4p7-7chp-64hq
reference_type
scores
url	https://github.com/advisories/GHSA-x4p7-7chp-64hq

fixed_packages

url pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.5

purl pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-pq67-ngsq-cbe4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@26.5.5

aliases CVE-2026-2603, GHSA-x4p7-7chp-64hq

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uxs4-bydz-tbh4

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-server-spi-private@26.1.0

Package Instance