Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.keycloak/keycloak-core@26.0.6
purl pkg:maven/org.keycloak/keycloak-core@26.0.6
Next non-vulnerable version 26.1.3
Latest non-vulnerable version 26.1.3
Risk 1.7
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-kp25-fan9-jkd2
Aliases:
CVE-2024-4028
GHSA-q4xq-445g-g6ch
Keycloak allows cross-site scripting (XSS) A vulnerability was found in Keycloak. This issue may allow a privileged attacker to use a malicious payload as the permission while creating items (Resource and Permissions) from the admin console, leading to a stored cross-site scripting (XSS) attack.
26.1.3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-heqp-u355-wyaz Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination A vulnerability was found in Keycloak. Deployments of Keycloak with a reverse proxy not using pass-through termination of TLS, with mTLS enabled, are affected. This issue may allow an attacker on the local network to authenticate as any user or client that leverages mTLS as the authentication mechanism. CVE-2024-10039
GHSA-93ww-43rr-79v3

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-29T22:02:36.498615+00:00 GitLab Importer Affected by VCID-kp25-fan9-jkd2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-core/CVE-2024-4028.yml 38.5.0
2026-04-29T21:56:56.412993+00:00 GitLab Importer Fixing VCID-heqp-u355-wyaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-core/CVE-2024-10039.yml 38.5.0
2026-04-16T23:21:13.823701+00:00 GitLab Importer Affected by VCID-kp25-fan9-jkd2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-core/CVE-2024-4028.yml 38.4.0
2026-04-16T23:15:38.840103+00:00 GitLab Importer Fixing VCID-heqp-u355-wyaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-core/CVE-2024-10039.yml 38.4.0
2026-04-12T00:40:15.748820+00:00 GitLab Importer Affected by VCID-kp25-fan9-jkd2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-core/CVE-2024-4028.yml 38.3.0
2026-04-12T00:34:17.809915+00:00 GitLab Importer Fixing VCID-heqp-u355-wyaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-core/CVE-2024-10039.yml 38.3.0
2026-04-07T04:56:31.229946+00:00 GHSA Importer Fixing VCID-heqp-u355-wyaz https://github.com/advisories/GHSA-93ww-43rr-79v3 38.1.0
2026-04-03T00:48:11.337312+00:00 GitLab Importer Affected by VCID-kp25-fan9-jkd2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-core/CVE-2024-4028.yml 38.1.0
2026-04-03T00:42:01.804414+00:00 GitLab Importer Fixing VCID-heqp-u355-wyaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-core/CVE-2024-10039.yml 38.1.0
2026-04-02T12:40:28.049581+00:00 GitLab Importer Fixing VCID-heqp-u355-wyaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-core/CVE-2024-10039.yml 38.0.0
2026-04-01T12:51:10.314522+00:00 GithubOSV Importer Fixing VCID-heqp-u355-wyaz https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-93ww-43rr-79v3/GHSA-93ww-43rr-79v3.json 38.0.0