Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.keycloak/keycloak-services@26.5.7
Typemaven
Namespaceorg.keycloak
Namekeycloak-services
Version26.5.7
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-cf37-8d6y-r3d5
vulnerability_id VCID-cf37-8d6y-r3d5
summary keycloak: org.keycloak.protocol.oidc.grants.ciba: Keycloak: Information disclosure via CORS header injection due to unvalidated JWT azp claim
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37977.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37977.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-37977
reference_id
reference_type
scores
0
value 7e-05
scoring_system epss
scoring_elements 0.00527
published_at 2026-04-07T12:55:00Z
1
value 7e-05
scoring_system epss
scoring_elements 0.00522
published_at 2026-04-09T12:55:00Z
2
value 7e-05
scoring_system epss
scoring_elements 0.00524
published_at 2026-04-11T12:55:00Z
3
value 9e-05
scoring_system epss
scoring_elements 0.00874
published_at 2026-04-16T12:55:00Z
4
value 9e-05
scoring_system epss
scoring_elements 0.0093
published_at 2026-04-21T12:55:00Z
5
value 9e-05
scoring_system epss
scoring_elements 0.0088
published_at 2026-04-18T12:55:00Z
6
value 9e-05
scoring_system epss
scoring_elements 0.00876
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-37977
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-37977
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-37977
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455324
reference_id 2455324
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2455324
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
6
reference_url https://access.redhat.com/security/cve/CVE-2026-37977
reference_id CVE-2026-37977
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/
url https://access.redhat.com/security/cve/CVE-2026-37977
7
reference_url https://github.com/advisories/GHSA-5v8v-xvjv-57x7
reference_id GHSA-5v8v-xvjv-57x7
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5v8v-xvjv-57x7
fixed_packages
aliases CVE-2026-37977, GHSA-5v8v-xvjv-57x7
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cf37-8d6y-r3d5
1
url VCID-y1h3-yyn9-53fr
vulnerability_id VCID-y1h3-yyn9-53fr
summary 
Keycloak: Unauthorized authentication via disabled SAML Identity Provider
A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3925
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3925
1
reference_url https://access.redhat.com/errata/RHSA-2026:3926
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3926
2
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3947
3
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3948
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json
5
reference_url https://access.redhat.com/security/cve/CVE-2026-2603
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/security/cve/CVE-2026-2603
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2603
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.3858
published_at 2026-04-04T12:55:00Z
1
value 0.00172
scoring_system epss
scoring_elements 0.38518
published_at 2026-04-11T12:55:00Z
2
value 0.00172
scoring_system epss
scoring_elements 0.38504
published_at 2026-04-09T12:55:00Z
3
value 0.00172
scoring_system epss
scoring_elements 0.38495
published_at 2026-04-08T12:55:00Z
4
value 0.00172
scoring_system epss
scoring_elements 0.38444
published_at 2026-04-07T12:55:00Z
5
value 0.00172
scoring_system epss
scoring_elements 0.38556
published_at 2026-04-02T12:55:00Z
6
value 0.00227
scoring_system epss
scoring_elements 0.4543
published_at 2026-04-13T12:55:00Z
7
value 0.00227
scoring_system epss
scoring_elements 0.45429
published_at 2026-04-12T12:55:00Z
8
value 0.00227
scoring_system epss
scoring_elements 0.45482
published_at 2026-04-16T12:55:00Z
9
value 0.00227
scoring_system epss
scoring_elements 0.45478
published_at 2026-04-18T12:55:00Z
10
value 0.00261
scoring_system epss
scoring_elements 0.4948
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2603
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440300
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440300
8
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
9
reference_url https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132
10
reference_url https://github.com/keycloak/keycloak/issues/46911
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46911
11
reference_url https://github.com/keycloak/keycloak/pull/46932
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/46932
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2603
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2603
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
15
reference_url https://github.com/advisories/GHSA-x4p7-7chp-64hq
reference_id GHSA-x4p7-7chp-64hq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x4p7-7chp-64hq
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.6.0
purl pkg:maven/org.keycloak/keycloak-services@26.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mdkf-3bgs-w7dm
1
vulnerability VCID-ugtk-3bjv-s3a4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.0
aliases CVE-2026-2603, GHSA-x4p7-7chp-64hq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y1h3-yyn9-53fr
Fixing_vulnerabilities
0
url VCID-6n3p-8y8x-bbfc
vulnerability_id VCID-6n3p-8y8x-bbfc
summary Keycloak: Application-Level DoS via Scope Processing
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6475
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/
url https://access.redhat.com/errata/RHSA-2026:6475
1
reference_url https://access.redhat.com/errata/RHSA-2026:6476
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/
url https://access.redhat.com/errata/RHSA-2026:6476
2
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/
url https://access.redhat.com/errata/RHSA-2026:6477
3
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/
url https://access.redhat.com/errata/RHSA-2026:6478
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4634.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4634.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4634
reference_id
reference_type
scores
0
value 0.00067
scoring_system epss
scoring_elements 0.20807
published_at 2026-04-04T12:55:00Z
1
value 0.00067
scoring_system epss
scoring_elements 0.20526
published_at 2026-04-07T12:55:00Z
2
value 0.00072
scoring_system epss
scoring_elements 0.21906
published_at 2026-04-21T12:55:00Z
3
value 0.00072
scoring_system epss
scoring_elements 0.21949
published_at 2026-04-18T12:55:00Z
4
value 0.00088
scoring_system epss
scoring_elements 0.25134
published_at 2026-04-09T12:55:00Z
5
value 0.00088
scoring_system epss
scoring_elements 0.25064
published_at 2026-04-16T12:55:00Z
6
value 0.00088
scoring_system epss
scoring_elements 0.25054
published_at 2026-04-13T12:55:00Z
7
value 0.00088
scoring_system epss
scoring_elements 0.25107
published_at 2026-04-12T12:55:00Z
8
value 0.00088
scoring_system epss
scoring_elements 0.25149
published_at 2026-04-11T12:55:00Z
9
value 0.00088
scoring_system epss
scoring_elements 0.25089
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4634
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450250
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2450250
7
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
8
reference_url https://github.com/keycloak/keycloak/commit/b455ee4f28abb6f2120aff72fd179589cc5267a0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/b455ee4f28abb6f2120aff72fd179589cc5267a0
9
reference_url https://github.com/keycloak/keycloak/issues/47716
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47716
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
12
reference_url https://access.redhat.com/security/cve/CVE-2026-4634
reference_id CVE-2026-4634
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/
url https://access.redhat.com/security/cve/CVE-2026-4634
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4634
reference_id CVE-2026-4634
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4634
14
reference_url https://github.com/advisories/GHSA-h4wv-g838-66g3
reference_id GHSA-h4wv-g838-66g3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h4wv-g838-66g3
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cf37-8d6y-r3d5
1
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-4634, GHSA-h4wv-g838-66g3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6n3p-8y8x-bbfc
1
url VCID-auwb-hcuv-gygf
vulnerability_id VCID-auwb-hcuv-gygf
summary A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information disclosure.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6475
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://access.redhat.com/errata/RHSA-2026:6475
1
reference_url https://access.redhat.com/errata/RHSA-2026:6476
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://access.redhat.com/errata/RHSA-2026:6476
2
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://access.redhat.com/errata/RHSA-2026:6477
3
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://access.redhat.com/errata/RHSA-2026:6478
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3872.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3872.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3872
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01291
published_at 2026-04-21T12:55:00Z
1
value 0.00032
scoring_system epss
scoring_elements 0.09277
published_at 2026-04-18T12:55:00Z
2
value 0.00032
scoring_system epss
scoring_elements 0.09286
published_at 2026-04-07T12:55:00Z
3
value 0.00032
scoring_system epss
scoring_elements 0.09375
published_at 2026-04-04T12:55:00Z
4
value 0.00033
scoring_system epss
scoring_elements 0.09561
published_at 2026-04-08T12:55:00Z
5
value 0.00033
scoring_system epss
scoring_elements 0.09469
published_at 2026-04-16T12:55:00Z
6
value 0.00033
scoring_system epss
scoring_elements 0.09576
published_at 2026-04-13T12:55:00Z
7
value 0.00033
scoring_system epss
scoring_elements 0.09592
published_at 2026-04-12T12:55:00Z
8
value 0.00033
scoring_system epss
scoring_elements 0.09622
published_at 2026-04-11T12:55:00Z
9
value 0.00033
scoring_system epss
scoring_elements 0.09608
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3872
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/35a71b00bc856ac402711130f60190d3a24795e7
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/35a71b00bc856ac402711130f60190d3a24795e7
8
reference_url https://github.com/keycloak/keycloak/issues/47718
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47718
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
11
reference_url https://access.redhat.com/security/cve/CVE-2026-3872
reference_id CVE-2026-3872
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://access.redhat.com/security/cve/CVE-2026-3872
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3872
reference_id CVE-2026-3872
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3872
13
reference_url https://github.com/advisories/GHSA-cjm2-j6cm-6p6m
reference_id GHSA-cjm2-j6cm-6p6m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cjm2-j6cm-6p6m
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445988
reference_id show_bug.cgi?id=2445988
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2445988
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cf37-8d6y-r3d5
1
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-3872, GHSA-cjm2-j6cm-6p6m
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-auwb-hcuv-gygf
2
url VCID-c11x-8jte-fuds
vulnerability_id VCID-c11x-8jte-fuds
summary A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This could lead to unauthorized access or account compromise.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6475
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/
url https://access.redhat.com/errata/RHSA-2026:6475
1
reference_url https://access.redhat.com/errata/RHSA-2026:6476
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/
url https://access.redhat.com/errata/RHSA-2026:6476
2
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/
url https://access.redhat.com/errata/RHSA-2026:6477
3
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/
url https://access.redhat.com/errata/RHSA-2026:6478
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4325.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4325.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4325
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.10066
published_at 2026-04-07T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.1017
published_at 2026-04-04T12:55:00Z
2
value 0.00037
scoring_system epss
scoring_elements 0.10941
published_at 2026-04-21T12:55:00Z
3
value 0.00037
scoring_system epss
scoring_elements 0.11179
published_at 2026-04-08T12:55:00Z
4
value 0.00037
scoring_system epss
scoring_elements 0.11235
published_at 2026-04-09T12:55:00Z
5
value 0.00037
scoring_system epss
scoring_elements 0.11244
published_at 2026-04-11T12:55:00Z
6
value 0.00037
scoring_system epss
scoring_elements 0.11212
published_at 2026-04-12T12:55:00Z
7
value 0.00037
scoring_system epss
scoring_elements 0.11186
published_at 2026-04-13T12:55:00Z
8
value 0.00037
scoring_system epss
scoring_elements 0.11051
published_at 2026-04-16T12:55:00Z
9
value 0.00037
scoring_system epss
scoring_elements 0.10821
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4325
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5
8
reference_url https://github.com/keycloak/keycloak/issues/47715
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47715
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
12
reference_url https://access.redhat.com/security/cve/CVE-2026-4325
reference_id CVE-2026-4325
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/
url https://access.redhat.com/security/cve/CVE-2026-4325
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4325
reference_id CVE-2026-4325
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4325
14
reference_url https://github.com/advisories/GHSA-rx66-hj7g-28h7
reference_id GHSA-rx66-hj7g-28h7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rx66-hj7g-28h7
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2448351
reference_id show_bug.cgi?id=2448351
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2448351
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cf37-8d6y-r3d5
1
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-4325, GHSA-rx66-hj7g-28h7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c11x-8jte-fuds
3
url VCID-gn2j-ra6w-r3et
vulnerability_id VCID-gn2j-ra6w-r3et
summary A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens, resulting in privilege escalation.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6475
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/
url https://access.redhat.com/errata/RHSA-2026:6475
1
reference_url https://access.redhat.com/errata/RHSA-2026:6476
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/
url https://access.redhat.com/errata/RHSA-2026:6476
2
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/
url https://access.redhat.com/errata/RHSA-2026:6477
3
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/
url https://access.redhat.com/errata/RHSA-2026:6478
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4282.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4282.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4282
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.08975
published_at 2026-04-21T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.08827
published_at 2026-04-18T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.09727
published_at 2026-04-07T12:55:00Z
3
value 0.00034
scoring_system epss
scoring_elements 0.09825
published_at 2026-04-04T12:55:00Z
4
value 0.00044
scoring_system epss
scoring_elements 0.13585
published_at 2026-04-08T12:55:00Z
5
value 0.00044
scoring_system epss
scoring_elements 0.13435
published_at 2026-04-16T12:55:00Z
6
value 0.00044
scoring_system epss
scoring_elements 0.13522
published_at 2026-04-13T12:55:00Z
7
value 0.00044
scoring_system epss
scoring_elements 0.1357
published_at 2026-04-12T12:55:00Z
8
value 0.00044
scoring_system epss
scoring_elements 0.13607
published_at 2026-04-11T12:55:00Z
9
value 0.00044
scoring_system epss
scoring_elements 0.13636
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4282
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5
8
reference_url https://github.com/keycloak/keycloak/issues/47719
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47719
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
11
reference_url https://access.redhat.com/security/cve/CVE-2026-4282
reference_id CVE-2026-4282
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/
url https://access.redhat.com/security/cve/CVE-2026-4282
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4282
reference_id CVE-2026-4282
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4282
13
reference_url https://github.com/advisories/GHSA-hj93-h7pg-fh6v
reference_id GHSA-hj93-h7pg-fh6v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hj93-h7pg-fh6v
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2448061
reference_id show_bug.cgi?id=2448061
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2448061
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cf37-8d6y-r3d5
1
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-4282, GHSA-hj93-h7pg-fh6v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gn2j-ra6w-r3et
4
url VCID-k4xv-x1pt-guce
vulnerability_id VCID-k4xv-x1pt-guce
summary A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned resource. Consequently, the attacker gains unauthorized permissions to victim-owned resources, enabling them to obtain a Requesting Party Token (RPT) and access sensitive information or perform unauthorized actions.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6475
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6475
1
reference_url https://access.redhat.com/errata/RHSA-2026:6476
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6476
2
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/
url https://access.redhat.com/errata/RHSA-2026:6477
3
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/
url https://access.redhat.com/errata/RHSA-2026:6478
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4636.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4636.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4636
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.06675
published_at 2026-04-04T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.06661
published_at 2026-04-07T12:55:00Z
2
value 0.00027
scoring_system epss
scoring_elements 0.07765
published_at 2026-04-08T12:55:00Z
3
value 0.00027
scoring_system epss
scoring_elements 0.0767
published_at 2026-04-16T12:55:00Z
4
value 0.00027
scoring_system epss
scoring_elements 0.07755
published_at 2026-04-13T12:55:00Z
5
value 0.00027
scoring_system epss
scoring_elements 0.07772
published_at 2026-04-12T12:55:00Z
6
value 0.00027
scoring_system epss
scoring_elements 0.07785
published_at 2026-04-11T12:55:00Z
7
value 0.00027
scoring_system epss
scoring_elements 0.07784
published_at 2026-04-09T12:55:00Z
8
value 0.00031
scoring_system epss
scoring_elements 0.08614
published_at 2026-04-18T12:55:00Z
9
value 0.00031
scoring_system epss
scoring_elements 0.08767
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4636
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/995832f8b74b02833d106c8788bb7a78634aa725
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/995832f8b74b02833d106c8788bb7a78634aa725
8
reference_url https://github.com/keycloak/keycloak/issues/47717
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47717
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
10
reference_url https://access.redhat.com/security/cve/CVE-2026-4636
reference_id CVE-2026-4636
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/
url https://access.redhat.com/security/cve/CVE-2026-4636
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4636
reference_id CVE-2026-4636
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4636
12
reference_url https://github.com/advisories/GHSA-f2hx-5fx3-hmcv
reference_id GHSA-f2hx-5fx3-hmcv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f2hx-5fx3-hmcv
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450251
reference_id show_bug.cgi?id=2450251
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2450251
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cf37-8d6y-r3d5
1
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-4636, GHSA-f2hx-5fx3-hmcv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k4xv-x1pt-guce
5
url VCID-qgbq-s33g-d7af
vulnerability_id VCID-qgbq-s33g-d7af
summary 
Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API
A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered MFA/OTP credential without first proving possession of that factor. The attacker can then register their own MFA device, effectively taking full control of the account. This weakness undermines the intended protection provided by multi-factor authentication.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6477
1
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6478
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json
3
reference_url https://access.redhat.com/security/cve/CVE-2026-3429
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/
url https://access.redhat.com/security/cve/CVE-2026-3429
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3429
reference_id
reference_type
scores
0
value 0.00045
scoring_system epss
scoring_elements 0.13935
published_at 2026-04-02T12:55:00Z
1
value 0.00053
scoring_system epss
scoring_elements 0.16588
published_at 2026-04-07T12:55:00Z
2
value 0.00053
scoring_system epss
scoring_elements 0.16673
published_at 2026-04-08T12:55:00Z
3
value 0.00053
scoring_system epss
scoring_elements 0.16727
published_at 2026-04-09T12:55:00Z
4
value 0.00053
scoring_system epss
scoring_elements 0.16706
published_at 2026-04-11T12:55:00Z
5
value 0.00054
scoring_system epss
scoring_elements 0.16989
published_at 2026-04-04T12:55:00Z
6
value 0.00061
scoring_system epss
scoring_elements 0.19015
published_at 2026-04-21T12:55:00Z
7
value 0.00061
scoring_system epss
scoring_elements 0.19091
published_at 2026-04-12T12:55:00Z
8
value 0.00061
scoring_system epss
scoring_elements 0.19038
published_at 2026-04-13T12:55:00Z
9
value 0.00061
scoring_system epss
scoring_elements 0.18994
published_at 2026-04-16T12:55:00Z
10
value 0.00061
scoring_system epss
scoring_elements 0.19006
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3429
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2443771
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2443771
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178
8
reference_url https://github.com/keycloak/keycloak/issues/47069
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47069
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3429
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3429
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
14
reference_url https://github.com/advisories/GHSA-8g9r-9wjw-37j4
reference_id GHSA-8g9r-9wjw-37j4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8g9r-9wjw-37j4
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cf37-8d6y-r3d5
1
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-3429, GHSA-8g9r-9wjw-37j4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qgbq-s33g-d7af
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7