Vulnerability details: VCID-qgbq-s33g-d7af
Vulnerability ID VCID-qgbq-s33g-d7af
Aliases CVE-2026-3429
GHSA-8g9r-9wjw-37j4
Summary Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API

A flaw was identified in the Account REST API of Keycloak that allows a user whose session was authenticated at a lower assurance level to perform sensitive actions intended only for higher-assurance (stepped-up) sessions. Specifically, an attacker who has already obtained a victim's password can delete the victim's registered MFA/OTP credential without first proving possession of that factor. The attacker can then register their own MFA device and take full control of the account. This undermines the protection that multi-factor authentication is meant to provide: anyone holding the first factor can strip the second.
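The check the summary describes, as an added illustrative model that is not Keycloak's source code: the vulnerable handler accepts any authenticated owner of the credential, while the fixed handler additionally requires the session's proven assurance level to cover the factor being removed and otherwise demands step-up. The level numbers, the `Session` and store shapes, and the `REQUIRED_LOA` policy are assumptions made for this example.

```python
"""Illustrative model of the access-control flaw behind CVE-2026-3429.

Added example, not Keycloak source code. LOA numbers, the store layout and
REQUIRED_LOA are assumptions; only the shape of the check matters. The
vulnerable handler asks "is the caller logged in and does the credential
belong to them?"; the fixed one also asks "did this session prove the factor
it is about to remove?".
"""
from dataclasses import dataclass

# Assumed assurance levels: a password-only session sits below an MFA session.
LOA_PASSWORD = 1
LOA_MFA = 2
# Assumed policy: level a session must have reached to remove a credential type.
REQUIRED_LOA = {"password": LOA_PASSWORD, "otp": LOA_MFA}


class Forbidden(Exception):
    """Credential does not exist or does not belong to the caller."""


class StepUpRequired(Exception):
    """Caller must re-authenticate with the stronger factor first."""


@dataclass
class Session:
    user_id: str
    loa: int  # highest assurance level actually proven in this session


def delete_credential_vulnerable(store, session, cred_id):
    """Weak check: a valid session plus ownership is enough (the flaw)."""
    creds = store.get(session.user_id, {})
    if cred_id not in creds:
        raise Forbidden(cred_id)
    del creds[cred_id]


def delete_credential_fixed(store, session, cred_id):
    """Hardened check: removing a factor requires having proven that factor."""
    creds = store.get(session.user_id, {})
    if cred_id not in creds:
        raise Forbidden(cred_id)
    # Default to the strongest level so an unlisted credential type fails closed.
    needed = REQUIRED_LOA.get(creds[cred_id], LOA_MFA)
    if session.loa < needed:
        raise StepUpRequired(f"session loa {session.loa} < required {needed}")
    del creds[cred_id]


def run_scenario(handler, loa):
    """Attacker knows the victim's password and tries to drop the OTP factor.

    Returns the outcome and the victim's remaining credential ids (sorted).
    """
    # Constructed victim account: one password credential, one OTP credential.
    store = {"victim": {"cred-pw": "password", "cred-otp": "otp"}}
    session = Session(user_id="victim", loa=loa)
    try:
        handler(store, session, "cred-otp")
    except StepUpRequired:
        return "step_up_required", sorted(store["victim"])
    return "deleted", sorted(store["victim"])


if __name__ == "__main__":
    print("vulnerable, password-only:", run_scenario(delete_credential_vulnerable, LOA_PASSWORD))
    print("fixed, password-only:     ", run_scenario(delete_credential_fixed, LOA_PASSWORD))
    print("fixed, after OTP step-up: ", run_scenario(delete_credential_fixed, LOA_MFA))
```

The design point is that ownership and authentication are necessary but not sufficient for credential management: the authorization decision has to consult what the current session actually proved, and unknown credential types should default to the strongest requirement rather than the weakest.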
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
cvssv3.1 4.2 https://access.redhat.com/errata/RHSA-2026:6477
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2026:6477
cvssv3.1 4.2 https://access.redhat.com/errata/RHSA-2026:6478
generic_textual MODERATE https://access.redhat.com/errata/RHSA-2026:6478
cvssv3 4.2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json
cvssv3.1 4.2 https://access.redhat.com/security/cve/CVE-2026-3429
generic_textual MODERATE https://access.redhat.com/security/cve/CVE-2026-3429
ssvc Track https://access.redhat.com/security/cve/CVE-2026-3429
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2026-3429
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2026-3429
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2026-3429
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2026-3429
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2026-3429
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2026-3429
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2026-3429
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2026-3429
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2026-3429
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2026-3429
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2026-3429
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2026-3429
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2026-3429
epss 0.00061 https://api.first.org/data/v1/epss?cve=CVE-2026-3429
cvssv3.1 4.2 https://bugzilla.redhat.com/show_bug.cgi?id=2443771
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=2443771
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2443771
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-8g9r-9wjw-37j4
cvssv3.1 4.2 https://github.com/keycloak/keycloak
generic_textual MODERATE https://github.com/keycloak/keycloak
cvssv3.1 4.2 https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178
generic_textual MODERATE https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178
cvssv3.1 4.2 https://github.com/keycloak/keycloak/issues/47069
generic_textual MODERATE https://github.com/keycloak/keycloak/issues/47069
cvssv3.1 4.2 https://nvd.nist.gov/vuln/detail/CVE-2026-3429
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2026-3429
No exploits are available.
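Even without a public exploit, the sequence the advisory describes (an OTP credential removed, then a new OTP enrolled shortly after, from an address the user had not used before) is easy to hunt for in Keycloak's user events. The following is an added detection example, not part of the advisory or the Keycloak project. The event records are constructed; the field names follow the shape of Keycloak's user-event JSON (type, userId, ipAddress, time, details), but the exact event type names and the `credential_type` details key should be verified against the running Keycloak version, and the 30-minute window is an assumption.

```python
"""Hunt for the OTP-swap takeover sequence in Keycloak-style user events.

Added example, not advisory or Keycloak code. SAMPLE_EVENTS is constructed.
Assumed: event types REMOVE_CREDENTIAL/UPDATE_CREDENTIAL (older releases emit
REMOVE_TOTP/UPDATE_TOTP) carrying details.credential_type, time in epoch
milliseconds, and a 30-minute removal-to-enrolment window.
"""
from collections import defaultdict

WINDOW_MS = 30 * 60 * 1000
REMOVE_TYPES = {"REMOVE_CREDENTIAL", "REMOVE_TOTP"}
ENROL_TYPES = {"UPDATE_CREDENTIAL", "UPDATE_TOTP"}


def _ev(type_, user, ip, t, cred=None):
    """Build one constructed event record in the assumed Keycloak shape."""
    details = {"credential_type": cred} if cred else {}
    return {"type": type_, "userId": user, "ipAddress": ip, "time": t, "details": details}


T0 = 1_700_000_000_000  # arbitrary epoch-ms base for the constructed sample
SAMPLE_EVENTS = [
    # u1: baseline login from the usual address hours earlier, then the
    # takeover sequence from an address never seen for this user before.
    _ev("LOGIN", "u1", "198.51.100.7", T0 - 10_000_000),
    _ev("LOGIN", "u1", "203.0.113.5", T0 + 300_000),
    _ev("REMOVE_CREDENTIAL", "u1", "203.0.113.5", T0 + 360_000, "otp"),
    _ev("UPDATE_CREDENTIAL", "u1", "203.0.113.5", T0 + 420_000, "otp"),
    # u2: legitimate OTP rotation from the user's usual address.
    _ev("LOGIN", "u2", "192.0.2.10", T0 - 9_000_000),
    _ev("REMOVE_CREDENTIAL", "u2", "192.0.2.10", T0 + 100_000, "otp"),
    _ev("UPDATE_CREDENTIAL", "u2", "192.0.2.10", T0 + 160_000, "otp"),
    # u3: removal with no re-enrolment; outside the pattern, not reported.
    _ev("REMOVE_CREDENTIAL", "u3", "192.0.2.11", T0 + 100_000, "otp"),
    # u4: password change, not an OTP event; ignored.
    _ev("UPDATE_CREDENTIAL", "u4", "192.0.2.12", T0 + 100_000, "password"),
]


def _is_otp(ev):
    return ev.get("details", {}).get("credential_type") == "otp"


def find_otp_swaps(events, window_ms=WINDOW_MS):
    """Return one finding per OTP removal that is followed, within window_ms,
    by a new OTP enrolment for the same user.

    new_address is True when the removal came from an address with no activity
    for that user in the baseline period (events older than one window before
    the removal); that is the high-confidence case.
    """
    by_user = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        by_user[ev["userId"]].append(ev)

    findings = []
    for user, evs in by_user.items():
        for i, ev in enumerate(evs):
            if ev["type"] not in REMOVE_TYPES or not _is_otp(ev):
                continue
            enrol = next((e for e in evs[i + 1:]
                          if e["type"] in ENROL_TYPES and _is_otp(e)
                          and e["time"] - ev["time"] <= window_ms), None)
            if enrol is None:
                continue
            baseline_ips = {e["ipAddress"] for e in evs
                            if e["time"] <= ev["time"] - window_ms}
            findings.append({
                "userId": user,
                "ipAddress": ev["ipAddress"],
                "removed_at": ev["time"],
                "enrolled_at": enrol["time"],
                "new_address": ev["ipAddress"] not in baseline_ips,
            })
    return findings


if __name__ == "__main__":
    for f in find_otp_swaps(SAMPLE_EVENTS):
        flag = "NEW ADDRESS" if f["new_address"] else "known address"
        print(f"{f['userId']}: OTP removed then re-enrolled from {f['ipAddress']} ({flag})")
```

On a real deployment the same logic runs over the event store or the event listener's output; the removal itself is the thing to alert on, and the baseline comparison only ranks the findings. A removal that was not followed by re-enrolment still deserves a look, since the attacker may simply leave the account with one factor.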
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector (AV): network
Attack Complexity (AC): high
Privileges Required (PR): low
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): low
Integrity Impact (I): low
Availability Impact (A): none
Found at https://access.redhat.com/errata/RHSA-2026:6477
Found at https://access.redhat.com/errata/RHSA-2026:6478
Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json
Found at https://access.redhat.com/security/cve/CVE-2026-3429
Found at https://bugzilla.redhat.com/show_bug.cgi?id=2443771
Found at https://github.com/keycloak/keycloak
Found at https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178
Found at https://github.com/keycloak/keycloak/issues/47069
Found at https://nvd.nist.gov/vuln/detail/CVE-2026-3429

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/
Found at https://access.redhat.com/security/cve/CVE-2026-3429
Found at https://bugzilla.redhat.com/show_bug.cgi?id=2443771
Exploit Prediction Scoring System (EPSS)
Percentile 0.13935
EPSS Score 0.00045
Published At April 2, 2026, 12:55 p.m.
History
Date: 2026-04-01T12:54:09.964308+00:00
Actor: GithubOSV Importer
Action: Import
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-8g9r-9wjw-37j4/GHSA-8g9r-9wjw-37j4.json
VulnerableCode Version: 38.0.0