Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.keycloak/keycloak-services@26.0.0
Typemaven
Namespaceorg.keycloak
Namekeycloak-services
Version26.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version26.0.10
Latest_non_vulnerable_version26.6.3
Affected_by_vulnerabilities
0
url VCID-1j4m-w46h-zkhq
vulnerability_id VCID-1j4m-w46h-zkhq
summary A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-8419
reference_id
reference_type
scores
0
value 0.00108
scoring_system epss
scoring_elements 0.28619
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-8419
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-8419
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-8419
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0
reference_id cpe:/a:redhat:build_keycloak:26.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
reference_id cpe:/a:redhat:build_keycloak:26.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2
reference_id cpe:/a:redhat:build_keycloak:26.2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
9
reference_url https://access.redhat.com/security/cve/CVE-2025-8419
reference_id CVE-2025-8419
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://access.redhat.com/security/cve/CVE-2025-8419
10
reference_url https://github.com/advisories/GHSA-m4j5-5x4r-2xp9
reference_id GHSA-m4j5-5x4r-2xp9
reference_type
scores
url https://github.com/advisories/GHSA-m4j5-5x4r-2xp9
11
reference_url https://access.redhat.com/errata/RHSA-2025:15336
reference_id RHSA-2025:15336
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://access.redhat.com/errata/RHSA-2025:15336
12
reference_url https://access.redhat.com/errata/RHSA-2025:15337
reference_id RHSA-2025:15337
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://access.redhat.com/errata/RHSA-2025:15337
13
reference_url https://access.redhat.com/errata/RHSA-2025:15338
reference_id RHSA-2025:15338
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://access.redhat.com/errata/RHSA-2025:15338
14
reference_url https://access.redhat.com/errata/RHSA-2025:15339
reference_id RHSA-2025:15339
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://access.redhat.com/errata/RHSA-2025:15339
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2385776
reference_id show_bug.cgi?id=2385776
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2385776
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.8
purl pkg:maven/org.keycloak/keycloak-services@26.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.8
1
url pkg:maven/org.keycloak/keycloak-services@26.3.3
purl pkg:maven/org.keycloak/keycloak-services@26.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b67-9tus-s7ds
1
vulnerability VCID-4uf3-t2q9-5fcp
2
vulnerability VCID-4y2p-6e9v-ufh7
3
vulnerability VCID-5cfv-kzxe-3qg4
4
vulnerability VCID-5gut-s9z6-u3gs
5
vulnerability VCID-82aq-wymj-ekby
6
vulnerability VCID-8fsf-kear-tyb2
7
vulnerability VCID-a6bx-hkuu-zkg4
8
vulnerability VCID-czza-hz45-5ka6
9
vulnerability VCID-ecc8-b6za-vqds
10
vulnerability VCID-epvz-duxp-tyf7
11
vulnerability VCID-mhqj-fy58-6fd6
12
vulnerability VCID-put6-zqp1-dkhj
13
vulnerability VCID-shne-12fw-xfbw
14
vulnerability VCID-thtq-yz7t-7kea
15
vulnerability VCID-tjyr-75f3-d7ff
16
vulnerability VCID-uuxm-2f48-3qa5
17
vulnerability VCID-vcjc-hgjb-dqhs
18
vulnerability VCID-vrhh-6fx6-zqbw
19
vulnerability VCID-wsdh-ap2m-5uat
20
vulnerability VCID-wwh9-7awg-h7g6
21
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3
aliases CVE-2025-8419, GHSA-m4j5-5x4r-2xp9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1j4m-w46h-zkhq
1
url VCID-39yc-g31q-u7gt
vulnerability_id VCID-39yc-g31q-u7gt
summary 
Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass
# Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-5jfq-x6xp-7rw2. This link is maintained to preserve external references.

# Original Description
A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3910
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3910
1
reference_url https://access.redhat.com/security/cve/CVE-2025-3910
reference_id CVE-2025-3910
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-3910
2
reference_url https://github.com/advisories/GHSA-fx44-2wx5-5fvp
reference_id GHSA-fx44-2wx5-5fvp
reference_type
scores
url https://github.com/advisories/GHSA-fx44-2wx5-5fvp
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.2
purl pkg:maven/org.keycloak/keycloak-services@26.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-4b67-9tus-s7ds
2
vulnerability VCID-4uf3-t2q9-5fcp
3
vulnerability VCID-4y2p-6e9v-ufh7
4
vulnerability VCID-5cfv-kzxe-3qg4
5
vulnerability VCID-5gut-s9z6-u3gs
6
vulnerability VCID-6fwf-utem-8bgx
7
vulnerability VCID-82aq-wymj-ekby
8
vulnerability VCID-85r1-z7c6-6bcb
9
vulnerability VCID-8baa-m4rc-aqh5
10
vulnerability VCID-8fsf-kear-tyb2
11
vulnerability VCID-a6bx-hkuu-zkg4
12
vulnerability VCID-b7ak-4hjc-xuhh
13
vulnerability VCID-czza-hz45-5ka6
14
vulnerability VCID-ecc8-b6za-vqds
15
vulnerability VCID-epvz-duxp-tyf7
16
vulnerability VCID-f2m5-cwr1-ryc1
17
vulnerability VCID-feud-rr2t-tyfx
18
vulnerability VCID-mhqj-fy58-6fd6
19
vulnerability VCID-put6-zqp1-dkhj
20
vulnerability VCID-sa2j-p1w2-ebgj
21
vulnerability VCID-shne-12fw-xfbw
22
vulnerability VCID-thtq-yz7t-7kea
23
vulnerability VCID-tjyr-75f3-d7ff
24
vulnerability VCID-u1aa-s9ru-w3gf
25
vulnerability VCID-uuxm-2f48-3qa5
26
vulnerability VCID-vcjc-hgjb-dqhs
27
vulnerability VCID-vrhh-6fx6-zqbw
28
vulnerability VCID-wsdh-ap2m-5uat
29
vulnerability VCID-wwh9-7awg-h7g6
30
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2
aliases GHSA-fx44-2wx5-5fvp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-39yc-g31q-u7gt
2
url VCID-42w4-65kp-f7dy
vulnerability_id VCID-42w4-65kp-f7dy
summary A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. This issue could result in a denial of service condition, preventing legitimate users from accessing the system.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2559.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2559.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-2559
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.11875
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-2559
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-2559
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-2559
4
reference_url https://github.com/keycloak/keycloak/issues/38576
reference_id 38576
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/
url https://github.com/keycloak/keycloak/issues/38576
5
reference_url https://github.com/keycloak/keycloak/commit/a10c8119d4452b866b90a9019b2cc159919276ca
reference_id a10c8119d4452b866b90a9019b2cc159919276ca
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/
url https://github.com/keycloak/keycloak/commit/a10c8119d4452b866b90a9019b2cc159919276ca
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
reference_id cpe:/a:redhat:build_keycloak:26
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
reference_id cpe:/a:redhat:build_keycloak:26.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
9
reference_url https://access.redhat.com/security/cve/CVE-2025-2559
reference_id CVE-2025-2559
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/
url https://access.redhat.com/security/cve/CVE-2025-2559
10
reference_url https://github.com/advisories/GHSA-2935-2wfm-hhpv
reference_id GHSA-2935-2wfm-hhpv
reference_type
scores
url https://github.com/advisories/GHSA-2935-2wfm-hhpv
11
reference_url https://access.redhat.com/errata/RHSA-2025:4335
reference_id RHSA-2025:4335
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/
url https://access.redhat.com/errata/RHSA-2025:4335
12
reference_url https://access.redhat.com/errata/RHSA-2025:4336
reference_id RHSA-2025:4336
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/
url https://access.redhat.com/errata/RHSA-2025:4336
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2353868
reference_id show_bug.cgi?id=2353868
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2353868
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.1.5
purl pkg:maven/org.keycloak/keycloak-services@26.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-39yc-g31q-u7gt
2
vulnerability VCID-4b67-9tus-s7ds
3
vulnerability VCID-4uf3-t2q9-5fcp
4
vulnerability VCID-4y2p-6e9v-ufh7
5
vulnerability VCID-5cfv-kzxe-3qg4
6
vulnerability VCID-5gut-s9z6-u3gs
7
vulnerability VCID-6fwf-utem-8bgx
8
vulnerability VCID-82aq-wymj-ekby
9
vulnerability VCID-8baa-m4rc-aqh5
10
vulnerability VCID-8fsf-kear-tyb2
11
vulnerability VCID-a6bx-hkuu-zkg4
12
vulnerability VCID-b7ak-4hjc-xuhh
13
vulnerability VCID-czza-hz45-5ka6
14
vulnerability VCID-ecc8-b6za-vqds
15
vulnerability VCID-epvz-duxp-tyf7
16
vulnerability VCID-f2m5-cwr1-ryc1
17
vulnerability VCID-feud-rr2t-tyfx
18
vulnerability VCID-mhqj-fy58-6fd6
19
vulnerability VCID-put6-zqp1-dkhj
20
vulnerability VCID-shne-12fw-xfbw
21
vulnerability VCID-tazu-5mqv-vfaq
22
vulnerability VCID-thtq-yz7t-7kea
23
vulnerability VCID-tjyr-75f3-d7ff
24
vulnerability VCID-u1aa-s9ru-w3gf
25
vulnerability VCID-u2cc-wm39-4qax
26
vulnerability VCID-uuxm-2f48-3qa5
27
vulnerability VCID-vcjc-hgjb-dqhs
28
vulnerability VCID-vrhh-6fx6-zqbw
29
vulnerability VCID-wrdw-sj1s-bqbd
30
vulnerability VCID-wsdh-ap2m-5uat
31
vulnerability VCID-wwh9-7awg-h7g6
32
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.5
aliases CVE-2025-2559, GHSA-2935-2wfm-hhpv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-42w4-65kp-f7dy
3
url VCID-4b67-9tus-s7ds
vulnerability_id VCID-4b67-9tus-s7ds
summary A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously valid credentials can still be used to obtain authentication tokens. This weakens administrative controls and could allow unintended access to container registry resources.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2733
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10021
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2733
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e
4
reference_url https://github.com/keycloak/keycloak/issues/46462
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46462
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
10
reference_url https://access.redhat.com/security/cve/CVE-2026-2733
reference_id CVE-2026-2733
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/
url https://access.redhat.com/security/cve/CVE-2026-2733
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2733
reference_id CVE-2026-2733
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2733
12
reference_url https://github.com/advisories/GHSA-fjf4-6f34-w64q
reference_id GHSA-fjf4-6f34-w64q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fjf4-6f34-w64q
13
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id RHSA-2026:3947
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/
url https://access.redhat.com/errata/RHSA-2026:3947
14
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id RHSA-2026:3948
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/
url https://access.redhat.com/errata/RHSA-2026:3948
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440895
reference_id show_bug.cgi?id=2440895
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440895
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.4
purl pkg:maven/org.keycloak/keycloak-services@26.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4uf3-t2q9-5fcp
1
vulnerability VCID-4y2p-6e9v-ufh7
2
vulnerability VCID-5cfv-kzxe-3qg4
3
vulnerability VCID-5gut-s9z6-u3gs
4
vulnerability VCID-82aq-wymj-ekby
5
vulnerability VCID-8fsf-kear-tyb2
6
vulnerability VCID-a6bx-hkuu-zkg4
7
vulnerability VCID-czza-hz45-5ka6
8
vulnerability VCID-ecc8-b6za-vqds
9
vulnerability VCID-epvz-duxp-tyf7
10
vulnerability VCID-put6-zqp1-dkhj
11
vulnerability VCID-shne-12fw-xfbw
12
vulnerability VCID-thtq-yz7t-7kea
13
vulnerability VCID-tjyr-75f3-d7ff
14
vulnerability VCID-uuxm-2f48-3qa5
15
vulnerability VCID-vcjc-hgjb-dqhs
16
vulnerability VCID-wsdh-ap2m-5uat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4
aliases CVE-2026-2733, GHSA-fjf4-6f34-w64q
risk_score 1.7
exploitability 0.5
weighted_severity 3.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4b67-9tus-s7ds
4
url VCID-4uf3-t2q9-5fcp
vulnerability_id VCID-4uf3-t2q9-5fcp
summary A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within the realm. This privilege escalation can occur when admin permissions are enabled at the realm level.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3121.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3121.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3121
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01907
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3121
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/79ab3110a257fb8d6f1a664c916687128094ed01
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/79ab3110a257fb8d6f1a664c916687128094ed01
4
reference_url https://github.com/keycloak/keycloak/issues/46719
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46719
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3121
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3121
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
10
reference_url https://access.redhat.com/security/cve/CVE-2026-3121
reference_id CVE-2026-3121
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/
url https://access.redhat.com/security/cve/CVE-2026-3121
11
reference_url https://github.com/advisories/GHSA-7xf9-4jfc-wgm4
reference_id GHSA-7xf9-4jfc-wgm4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7xf9-4jfc-wgm4
12
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/
url https://access.redhat.com/errata/RHSA-2026:6477
13
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/
url https://access.redhat.com/errata/RHSA-2026:6478
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442277
reference_id show_bug.cgi?id=2442277
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2442277
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.6
purl pkg:maven/org.keycloak/keycloak-services@26.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-8fsf-kear-tyb2
2
vulnerability VCID-a6bx-hkuu-zkg4
3
vulnerability VCID-czza-hz45-5ka6
4
vulnerability VCID-epvz-duxp-tyf7
5
vulnerability VCID-mdys-vw33-uqa1
6
vulnerability VCID-thtq-yz7t-7kea
7
vulnerability VCID-tjyr-75f3-d7ff
8
vulnerability VCID-uuxm-2f48-3qa5
9
vulnerability VCID-vcjc-hgjb-dqhs
10
vulnerability VCID-wsdh-ap2m-5uat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6
aliases CVE-2026-3121, GHSA-7xf9-4jfc-wgm4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4uf3-t2q9-5fcp
5
url VCID-4y2p-6e9v-ufh7
vulnerability_id VCID-4y2p-6e9v-ufh7
summary A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3009
reference_id
reference_type
scores
0
value 0.00037
scoring_system epss
scoring_elements 0.11426
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3009
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a
4
reference_url https://github.com/keycloak/keycloak/issues/46911
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46911
5
reference_url https://github.com/keycloak/keycloak/releases/tag/26.5.5
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.5.5
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
10
reference_url https://access.redhat.com/security/cve/CVE-2026-3009
reference_id CVE-2026-3009
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://access.redhat.com/security/cve/CVE-2026-3009
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3009
reference_id CVE-2026-3009
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3009
12
reference_url https://github.com/advisories/GHSA-m297-3jv9-m927
reference_id GHSA-m297-3jv9-m927
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m297-3jv9-m927
13
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id RHSA-2026:3947
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://access.redhat.com/errata/RHSA-2026:3947
14
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id RHSA-2026:3948
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://access.redhat.com/errata/RHSA-2026:3948
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441867
reference_id show_bug.cgi?id=2441867
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2441867
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.5
purl pkg:maven/org.keycloak/keycloak-services@26.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4uf3-t2q9-5fcp
1
vulnerability VCID-5cfv-kzxe-3qg4
2
vulnerability VCID-82aq-wymj-ekby
3
vulnerability VCID-8fsf-kear-tyb2
4
vulnerability VCID-a6bx-hkuu-zkg4
5
vulnerability VCID-czza-hz45-5ka6
6
vulnerability VCID-ecc8-b6za-vqds
7
vulnerability VCID-epvz-duxp-tyf7
8
vulnerability VCID-put6-zqp1-dkhj
9
vulnerability VCID-thtq-yz7t-7kea
10
vulnerability VCID-tjyr-75f3-d7ff
11
vulnerability VCID-uuxm-2f48-3qa5
12
vulnerability VCID-vcjc-hgjb-dqhs
13
vulnerability VCID-wsdh-ap2m-5uat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5
aliases CVE-2026-3009, GHSA-m297-3jv9-m927
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4y2p-6e9v-ufh7
6
url VCID-5cfv-kzxe-3qg4
vulnerability_id VCID-5cfv-kzxe-3qg4
summary A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` administrative privileges can exploit a Stored Cross-Site Scripting (XSS) vulnerability. This flaw occurs because the `organization.alias` is placed into an inline JavaScript `onclick` handler, allowing a crafted JavaScript payload to execute in a user's browser when they view the login page. Successful exploitation enables arbitrary JavaScript execution, potentially leading to session theft, unauthorized account actions, or further attacks against users of the affected realm.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37980.json
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37980.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-37980
reference_id
reference_type
scores
0
value 0.00049
scoring_system epss
scoring_elements 0.1569
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-37980
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/issues/48049
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/48049
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-37980
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-37980
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
6
reference_url https://access.redhat.com/security/cve/CVE-2026-37980
reference_id CVE-2026-37980
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:42:46Z/
url https://access.redhat.com/security/cve/CVE-2026-37980
7
reference_url https://github.com/advisories/GHSA-m32f-8vh9-2hh3
reference_id GHSA-m32f-8vh9-2hh3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m32f-8vh9-2hh3
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455325
reference_id show_bug.cgi?id=2455325
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:42:46Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2455325
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.6
purl pkg:maven/org.keycloak/keycloak-services@26.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-8fsf-kear-tyb2
2
vulnerability VCID-a6bx-hkuu-zkg4
3
vulnerability VCID-czza-hz45-5ka6
4
vulnerability VCID-epvz-duxp-tyf7
5
vulnerability VCID-mdys-vw33-uqa1
6
vulnerability VCID-thtq-yz7t-7kea
7
vulnerability VCID-tjyr-75f3-d7ff
8
vulnerability VCID-uuxm-2f48-3qa5
9
vulnerability VCID-vcjc-hgjb-dqhs
10
vulnerability VCID-wsdh-ap2m-5uat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6
aliases CVE-2026-37980, GHSA-m32f-8vh9-2hh3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5cfv-kzxe-3qg4
7
url VCID-5gut-s9z6-u3gs
vulnerability_id VCID-5gut-s9z6-u3gs
summary A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2092.json
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2092.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2092
reference_id
reference_type
scores
0
value 0.00105
scoring_system epss
scoring_elements 0.28116
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2092
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2092
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2092
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
7
reference_url https://access.redhat.com/security/cve/CVE-2026-2092
reference_id CVE-2026-2092
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/security/cve/CVE-2026-2092
8
reference_url https://github.com/advisories/GHSA-wmxr-6j5f-838p
reference_id GHSA-wmxr-6j5f-838p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wmxr-6j5f-838p
9
reference_url https://access.redhat.com/errata/RHSA-2026:3925
reference_id RHSA-2026:3925
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/errata/RHSA-2026:3925
10
reference_url https://access.redhat.com/errata/RHSA-2026:3926
reference_id RHSA-2026:3926
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/errata/RHSA-2026:3926
11
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id RHSA-2026:3947
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/errata/RHSA-2026:3947
12
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id RHSA-2026:3948
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/errata/RHSA-2026:3948
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2437296
reference_id show_bug.cgi?id=2437296
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2437296
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.14
purl pkg:maven/org.keycloak/keycloak-services@26.2.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.14
1
url pkg:maven/org.keycloak/keycloak-services@26.4.10
purl pkg:maven/org.keycloak/keycloak-services@26.4.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.10
2
url pkg:maven/org.keycloak/keycloak-services@26.5.5
purl pkg:maven/org.keycloak/keycloak-services@26.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4uf3-t2q9-5fcp
1
vulnerability VCID-5cfv-kzxe-3qg4
2
vulnerability VCID-82aq-wymj-ekby
3
vulnerability VCID-8fsf-kear-tyb2
4
vulnerability VCID-a6bx-hkuu-zkg4
5
vulnerability VCID-czza-hz45-5ka6
6
vulnerability VCID-ecc8-b6za-vqds
7
vulnerability VCID-epvz-duxp-tyf7
8
vulnerability VCID-put6-zqp1-dkhj
9
vulnerability VCID-thtq-yz7t-7kea
10
vulnerability VCID-tjyr-75f3-d7ff
11
vulnerability VCID-uuxm-2f48-3qa5
12
vulnerability VCID-vcjc-hgjb-dqhs
13
vulnerability VCID-wsdh-ap2m-5uat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5
aliases CVE-2026-2092, GHSA-wmxr-6j5f-838p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5gut-s9z6-u3gs
8
url VCID-6fwf-utem-8bgx
vulnerability_id VCID-6fwf-utem-8bgx
summary A flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and assumes that offline sessions are no longer available, but they are.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12110.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12110.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-12110
reference_id
reference_type
scores
0
value 0.00061
scoring_system epss
scoring_elements 0.19282
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-12110
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/54e1c8af1e089ad33d32e0f2792610e4b8df421b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/54e1c8af1e089ad33d32e0f2792610e4b8df421b
4
reference_url https://github.com/keycloak/keycloak/commit/c830a27928cac4294619af7d147bdff34d4a85e7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/c830a27928cac4294619af7d147bdff34d4a85e7
5
reference_url https://github.com/keycloak/keycloak/pull/43790
reference_id 43790
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/
url https://github.com/keycloak/keycloak/pull/43790
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
8
reference_url https://access.redhat.com/security/cve/CVE-2025-12110
reference_id CVE-2025-12110
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/
url https://access.redhat.com/security/cve/CVE-2025-12110
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-12110
reference_id CVE-2025-12110
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-12110
10
reference_url https://github.com/advisories/GHSA-895x-rfqp-jh5c
reference_id GHSA-895x-rfqp-jh5c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-895x-rfqp-jh5c
11
reference_url https://access.redhat.com/errata/RHSA-2025:21370
reference_id RHSA-2025:21370
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/
url https://access.redhat.com/errata/RHSA-2025:21370
12
reference_url https://access.redhat.com/errata/RHSA-2025:21371
reference_id RHSA-2025:21371
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/
url https://access.redhat.com/errata/RHSA-2025:21371
13
reference_url https://access.redhat.com/errata/RHSA-2025:22088
reference_id RHSA-2025:22088
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/
url https://access.redhat.com/errata/RHSA-2025:22088
14
reference_url https://access.redhat.com/errata/RHSA-2025:22089
reference_id RHSA-2025:22089
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/
url https://access.redhat.com/errata/RHSA-2025:22089
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2406033
reference_id show_bug.cgi?id=2406033
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2406033
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.3
purl pkg:maven/org.keycloak/keycloak-services@26.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-4b67-9tus-s7ds
2
vulnerability VCID-4uf3-t2q9-5fcp
3
vulnerability VCID-4y2p-6e9v-ufh7
4
vulnerability VCID-5cfv-kzxe-3qg4
5
vulnerability VCID-5gut-s9z6-u3gs
6
vulnerability VCID-82aq-wymj-ekby
7
vulnerability VCID-85r1-z7c6-6bcb
8
vulnerability VCID-8baa-m4rc-aqh5
9
vulnerability VCID-8fsf-kear-tyb2
10
vulnerability VCID-a6bx-hkuu-zkg4
11
vulnerability VCID-b7ak-4hjc-xuhh
12
vulnerability VCID-czza-hz45-5ka6
13
vulnerability VCID-ecc8-b6za-vqds
14
vulnerability VCID-epvz-duxp-tyf7
15
vulnerability VCID-f2m5-cwr1-ryc1
16
vulnerability VCID-feud-rr2t-tyfx
17
vulnerability VCID-mhqj-fy58-6fd6
18
vulnerability VCID-put6-zqp1-dkhj
19
vulnerability VCID-sa2j-p1w2-ebgj
20
vulnerability VCID-shne-12fw-xfbw
21
vulnerability VCID-thtq-yz7t-7kea
22
vulnerability VCID-tjyr-75f3-d7ff
23
vulnerability VCID-u1aa-s9ru-w3gf
24
vulnerability VCID-uuxm-2f48-3qa5
25
vulnerability VCID-vcjc-hgjb-dqhs
26
vulnerability VCID-vrhh-6fx6-zqbw
27
vulnerability VCID-wsdh-ap2m-5uat
28
vulnerability VCID-wwh9-7awg-h7g6
29
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.3
aliases CVE-2025-12110, GHSA-895x-rfqp-jh5c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6fwf-utem-8bgx
9
url VCID-6j4h-u22h-cubz
vulnerability_id VCID-6j4h-u22h-cubz
summary A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10270.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10270.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-10270
reference_id
reference_type
scores
0
value 0.00124
scoring_system epss
scoring_elements 0.31158
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-10270
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-wq8x-cg39-8mrr
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-wq8x-cg39-8mrr
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-10270
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-10270
5
reference_url https://github.com/keycloak/keycloak/commit/5d6c91f3309db468b0fe4834e88c3d25649f73e4
reference_id 5d6c91f3309db468b0fe4834e88c3d25649f73e4
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/
url https://github.com/keycloak/keycloak/commit/5d6c91f3309db468b0fe4834e88c3d25649f73e4
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24
reference_id cpe:/a:redhat:build_keycloak:24
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9
reference_id cpe:/a:redhat:build_keycloak:24::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
reference_id cpe:/a:redhat:build_keycloak:26
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
reference_id cpe:/a:redhat:build_keycloak:26.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
13
reference_url https://access.redhat.com/security/cve/CVE-2024-10270
reference_id CVE-2024-10270
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/
url https://access.redhat.com/security/cve/CVE-2024-10270
14
reference_url https://github.com/advisories/GHSA-wq8x-cg39-8mrr
reference_id GHSA-wq8x-cg39-8mrr
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/
url https://github.com/advisories/GHSA-wq8x-cg39-8mrr
15
reference_url https://access.redhat.com/errata/RHSA-2024:10175
reference_id RHSA-2024:10175
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/
url https://access.redhat.com/errata/RHSA-2024:10175
16
reference_url https://access.redhat.com/errata/RHSA-2024:10176
reference_id RHSA-2024:10176
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/
url https://access.redhat.com/errata/RHSA-2024:10176
17
reference_url https://access.redhat.com/errata/RHSA-2024:10177
reference_id RHSA-2024:10177
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/
url https://access.redhat.com/errata/RHSA-2024:10177
18
reference_url https://access.redhat.com/errata/RHSA-2024:10178
reference_id RHSA-2024:10178
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/
url https://access.redhat.com/errata/RHSA-2024:10178
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2321214
reference_id show_bug.cgi?id=2321214
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2321214
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.0.6
purl pkg:maven/org.keycloak/keycloak-services@26.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-39yc-g31q-u7gt
2
vulnerability VCID-42w4-65kp-f7dy
3
vulnerability VCID-4b67-9tus-s7ds
4
vulnerability VCID-4uf3-t2q9-5fcp
5
vulnerability VCID-4y2p-6e9v-ufh7
6
vulnerability VCID-5cfv-kzxe-3qg4
7
vulnerability VCID-5gut-s9z6-u3gs
8
vulnerability VCID-6fwf-utem-8bgx
9
vulnerability VCID-82aq-wymj-ekby
10
vulnerability VCID-85r1-z7c6-6bcb
11
vulnerability VCID-8baa-m4rc-aqh5
12
vulnerability VCID-8fsf-kear-tyb2
13
vulnerability VCID-a6bx-hkuu-zkg4
14
vulnerability VCID-b7ak-4hjc-xuhh
15
vulnerability VCID-czza-hz45-5ka6
16
vulnerability VCID-ecc8-b6za-vqds
17
vulnerability VCID-epvz-duxp-tyf7
18
vulnerability VCID-f2m5-cwr1-ryc1
19
vulnerability VCID-feud-rr2t-tyfx
20
vulnerability VCID-mhqj-fy58-6fd6
21
vulnerability VCID-put6-zqp1-dkhj
22
vulnerability VCID-shne-12fw-xfbw
23
vulnerability VCID-tazu-5mqv-vfaq
24
vulnerability VCID-thtq-yz7t-7kea
25
vulnerability VCID-tjyr-75f3-d7ff
26
vulnerability VCID-u1aa-s9ru-w3gf
27
vulnerability VCID-u2cc-wm39-4qax
28
vulnerability VCID-uuxm-2f48-3qa5
29
vulnerability VCID-vcjc-hgjb-dqhs
30
vulnerability VCID-vrhh-6fx6-zqbw
31
vulnerability VCID-wrdw-sj1s-bqbd
32
vulnerability VCID-wsdh-ap2m-5uat
33
vulnerability VCID-wwh9-7awg-h7g6
34
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.6
aliases CVE-2024-10270, GHSA-wq8x-cg39-8mrr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6j4h-u22h-cubz
10
url VCID-82aq-wymj-ekby
vulnerability_id VCID-82aq-wymj-ekby
summary A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This occurs when a Keycloak client is configured to use the `backchannel.logout.url` with the `application.session.host` placeholder. Successful exploitation allows the attacker to make HTTP requests from the Keycloak server’s network context, potentially probing internal networks or internal APIs, leading to information disclosure.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4874.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4874.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4874
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.019
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4874
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4874
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4874
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9
reference_id cpe:/a:redhat:build_keycloak:26.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
9
reference_url https://access.redhat.com/security/cve/CVE-2026-4874
reference_id CVE-2026-4874
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/
url https://access.redhat.com/security/cve/CVE-2026-4874
10
reference_url https://github.com/advisories/GHSA-22rm-wp4x-v5cx
reference_id GHSA-22rm-wp4x-v5cx
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-22rm-wp4x-v5cx
11
reference_url https://access.redhat.com/errata/RHSA-2026:25097
reference_id RHSA-2026:25097
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/
url https://access.redhat.com/errata/RHSA-2026:25097
12
reference_url https://access.redhat.com/errata/RHSA-2026:25098
reference_id RHSA-2026:25098
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/
url https://access.redhat.com/errata/RHSA-2026:25098
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2451611
reference_id show_bug.cgi?id=2451611
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2451611
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.6.1
purl pkg:maven/org.keycloak/keycloak-services@26.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a6bx-hkuu-zkg4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.1
aliases CVE-2026-4874, GHSA-22rm-wp4x-v5cx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-82aq-wymj-ekby
11
url VCID-85r1-z7c6-6bcb
vulnerability_id VCID-85r1-z7c6-6bcb
summary A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim's account.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-7365
reference_id
reference_type
scores
0
value 0.00043
scoring_system epss
scoring_elements 0.1367
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-7365
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/releases/tag/26.0.13
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.0.13
4
reference_url https://github.com/keycloak/keycloak/releases/tag/26.2.6
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.2.6
5
reference_url https://github.com/keycloak/keycloak/releases/tag/26.3.0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.3.0
6
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-7365
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-7365
8
reference_url https://github.com/keycloak/keycloak/issues/40446
reference_id 40446
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://github.com/keycloak/keycloak/issues/40446
9
reference_url https://github.com/keycloak/keycloak/pull/40520
reference_id 40520
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://github.com/keycloak/keycloak/pull/40520
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
reference_id cpe:/a:redhat:build_keycloak:26.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
12
reference_url https://access.redhat.com/security/cve/CVE-2025-7365
reference_id CVE-2025-7365
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://access.redhat.com/security/cve/CVE-2025-7365
13
reference_url https://github.com/advisories/GHSA-xhpr-465j-7p9q
reference_id GHSA-xhpr-465j-7p9q
reference_type
scores
url https://github.com/advisories/GHSA-xhpr-465j-7p9q
14
reference_url https://access.redhat.com/errata/RHSA-2025:11986
reference_id RHSA-2025:11986
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://access.redhat.com/errata/RHSA-2025:11986
15
reference_url https://access.redhat.com/errata/RHSA-2025:11987
reference_id RHSA-2025:11987
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://access.redhat.com/errata/RHSA-2025:11987
16
reference_url https://access.redhat.com/errata/RHSA-2025:12015
reference_id RHSA-2025:12015
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://access.redhat.com/errata/RHSA-2025:12015
17
reference_url https://access.redhat.com/errata/RHSA-2025:12016
reference_id RHSA-2025:12016
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://access.redhat.com/errata/RHSA-2025:12016
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2378852
reference_id show_bug.cgi?id=2378852
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2378852
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.0.13
purl pkg:maven/org.keycloak/keycloak-services@26.0.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.13
1
url pkg:maven/org.keycloak/keycloak-services@26.1.0
purl pkg:maven/org.keycloak/keycloak-services@26.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-39yc-g31q-u7gt
2
vulnerability VCID-42w4-65kp-f7dy
3
vulnerability VCID-4b67-9tus-s7ds
4
vulnerability VCID-4uf3-t2q9-5fcp
5
vulnerability VCID-4y2p-6e9v-ufh7
6
vulnerability VCID-5cfv-kzxe-3qg4
7
vulnerability VCID-5gut-s9z6-u3gs
8
vulnerability VCID-6fwf-utem-8bgx
9
vulnerability VCID-82aq-wymj-ekby
10
vulnerability VCID-8baa-m4rc-aqh5
11
vulnerability VCID-8fsf-kear-tyb2
12
vulnerability VCID-a6bx-hkuu-zkg4
13
vulnerability VCID-b7ak-4hjc-xuhh
14
vulnerability VCID-czza-hz45-5ka6
15
vulnerability VCID-ecc8-b6za-vqds
16
vulnerability VCID-epvz-duxp-tyf7
17
vulnerability VCID-f2m5-cwr1-ryc1
18
vulnerability VCID-feud-rr2t-tyfx
19
vulnerability VCID-mhqj-fy58-6fd6
20
vulnerability VCID-put6-zqp1-dkhj
21
vulnerability VCID-shne-12fw-xfbw
22
vulnerability VCID-tazu-5mqv-vfaq
23
vulnerability VCID-thtq-yz7t-7kea
24
vulnerability VCID-tjyr-75f3-d7ff
25
vulnerability VCID-u1aa-s9ru-w3gf
26
vulnerability VCID-u2cc-wm39-4qax
27
vulnerability VCID-uuxm-2f48-3qa5
28
vulnerability VCID-vcjc-hgjb-dqhs
29
vulnerability VCID-vrhh-6fx6-zqbw
30
vulnerability VCID-wrdw-sj1s-bqbd
31
vulnerability VCID-wsdh-ap2m-5uat
32
vulnerability VCID-wwh9-7awg-h7g6
33
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.0
2
url pkg:maven/org.keycloak/keycloak-services@26.2.6
purl pkg:maven/org.keycloak/keycloak-services@26.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.6
3
url pkg:maven/org.keycloak/keycloak-services@26.3.0
purl pkg:maven/org.keycloak/keycloak-services@26.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-4b67-9tus-s7ds
2
vulnerability VCID-4uf3-t2q9-5fcp
3
vulnerability VCID-4y2p-6e9v-ufh7
4
vulnerability VCID-5cfv-kzxe-3qg4
5
vulnerability VCID-5gut-s9z6-u3gs
6
vulnerability VCID-82aq-wymj-ekby
7
vulnerability VCID-8fsf-kear-tyb2
8
vulnerability VCID-8txb-4xw8-aydm
9
vulnerability VCID-a6bx-hkuu-zkg4
10
vulnerability VCID-czza-hz45-5ka6
11
vulnerability VCID-ec5w-983u-tbbz
12
vulnerability VCID-ecc8-b6za-vqds
13
vulnerability VCID-epvz-duxp-tyf7
14
vulnerability VCID-f2m5-cwr1-ryc1
15
vulnerability VCID-hdz7-3722-xfe6
16
vulnerability VCID-mhqj-fy58-6fd6
17
vulnerability VCID-put6-zqp1-dkhj
18
vulnerability VCID-shne-12fw-xfbw
19
vulnerability VCID-thtq-yz7t-7kea
20
vulnerability VCID-tjyr-75f3-d7ff
21
vulnerability VCID-u1aa-s9ru-w3gf
22
vulnerability VCID-uuxm-2f48-3qa5
23
vulnerability VCID-vcjc-hgjb-dqhs
24
vulnerability VCID-vrhh-6fx6-zqbw
25
vulnerability VCID-wsdh-ap2m-5uat
26
vulnerability VCID-wwh9-7awg-h7g6
27
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0
aliases CVE-2025-7365, GHSA-xhpr-465j-7p9q
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-85r1-z7c6-6bcb
12
url VCID-8baa-m4rc-aqh5
vulnerability_id VCID-8baa-m4rc-aqh5
summary 
Duplicate Advisory: Keycloak phishing attack via email verification step in first login flow
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-xhpr-465j-7p9q. This link is maintained to preserve external references.

### Original Description
A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim's account.
references
0
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
1
reference_url https://github.com/keycloak/keycloak/releases/tag/26.3.0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.3.0
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-7365
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-7365
3
reference_url https://access.redhat.com/security/cve/CVE-2025-7365
reference_id CVE-2025-7365
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-7365
4
reference_url https://github.com/advisories/GHSA-gj52-35xm-gxjh
reference_id GHSA-gj52-35xm-gxjh
reference_type
scores
url https://github.com/advisories/GHSA-gj52-35xm-gxjh
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.0
purl pkg:maven/org.keycloak/keycloak-services@26.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-4b67-9tus-s7ds
2
vulnerability VCID-4uf3-t2q9-5fcp
3
vulnerability VCID-4y2p-6e9v-ufh7
4
vulnerability VCID-5cfv-kzxe-3qg4
5
vulnerability VCID-5gut-s9z6-u3gs
6
vulnerability VCID-82aq-wymj-ekby
7
vulnerability VCID-8fsf-kear-tyb2
8
vulnerability VCID-8txb-4xw8-aydm
9
vulnerability VCID-a6bx-hkuu-zkg4
10
vulnerability VCID-czza-hz45-5ka6
11
vulnerability VCID-ec5w-983u-tbbz
12
vulnerability VCID-ecc8-b6za-vqds
13
vulnerability VCID-epvz-duxp-tyf7
14
vulnerability VCID-f2m5-cwr1-ryc1
15
vulnerability VCID-hdz7-3722-xfe6
16
vulnerability VCID-mhqj-fy58-6fd6
17
vulnerability VCID-put6-zqp1-dkhj
18
vulnerability VCID-shne-12fw-xfbw
19
vulnerability VCID-thtq-yz7t-7kea
20
vulnerability VCID-tjyr-75f3-d7ff
21
vulnerability VCID-u1aa-s9ru-w3gf
22
vulnerability VCID-uuxm-2f48-3qa5
23
vulnerability VCID-vcjc-hgjb-dqhs
24
vulnerability VCID-vrhh-6fx6-zqbw
25
vulnerability VCID-wsdh-ap2m-5uat
26
vulnerability VCID-wwh9-7awg-h7g6
27
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0
aliases GHSA-gj52-35xm-gxjh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8baa-m4rc-aqh5
13
url VCID-8fsf-kear-tyb2
vulnerability_id VCID-8fsf-kear-tyb2
summary A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak's User-Managed Access (UMA) token endpoint. This flaw occurs because the `azp` claim from a client-supplied JSON Web Token (JWT) is used to set the `Access-Control-Allow-Origin` header before the JWT signature is validated. When a specially crafted JWT with an attacker-controlled `azp` value is processed, this value is reflected as the CORS origin, even if the grant is later rejected. This can lead to the exposure of low-sensitivity information from authorization server error responses, weakening origin isolation, but only when a target client is misconfigured with `webOrigins: ["*"]`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37977.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37977.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-37977
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01213
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-37977
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-37977
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-37977
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9
reference_id cpe:/a:redhat:build_keycloak:26.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9
5
reference_url https://access.redhat.com/security/cve/CVE-2026-37977
reference_id CVE-2026-37977
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/
url https://access.redhat.com/security/cve/CVE-2026-37977
6
reference_url https://github.com/advisories/GHSA-5v8v-xvjv-57x7
reference_id GHSA-5v8v-xvjv-57x7
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5v8v-xvjv-57x7
7
reference_url https://access.redhat.com/errata/RHSA-2026:25097
reference_id RHSA-2026:25097
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/
url https://access.redhat.com/errata/RHSA-2026:25097
8
reference_url https://access.redhat.com/errata/RHSA-2026:25098
reference_id RHSA-2026:25098
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/
url https://access.redhat.com/errata/RHSA-2026:25098
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455324
reference_id show_bug.cgi?id=2455324
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2455324
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.6.0
purl pkg:maven/org.keycloak/keycloak-services@26.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-a6bx-hkuu-zkg4
2
vulnerability VCID-uuxm-2f48-3qa5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.0
aliases CVE-2026-37977, GHSA-5v8v-xvjv-57x7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8fsf-kear-tyb2
14
url VCID-a6bx-hkuu-zkg4
vulnerability_id VCID-a6bx-hkuu-zkg4
summary When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is only partially disabled. Five endpoints under the versioned path `/account/v1alpha1` remain fully functional — including both read and write operations — because they lack the `checkAccountApiEnabled()` gate that correctly blocks four other endpoints in the same REST service class. The user needs to have permissions to use the API.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7500.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7500.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-7500
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08686
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-7500
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/issues/48709
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/48709
4
reference_url https://github.com/keycloak/keycloak/pull/48715
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/48715
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-7500
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-7500
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9
reference_id cpe:/a:redhat:build_keycloak:26.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9
7
reference_url https://access.redhat.com/security/cve/CVE-2026-7500
reference_id CVE-2026-7500
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/
url https://access.redhat.com/security/cve/CVE-2026-7500
8
reference_url https://github.com/advisories/GHSA-hm32-hfmw-rhvg
reference_id GHSA-hm32-hfmw-rhvg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hm32-hfmw-rhvg
9
reference_url https://access.redhat.com/errata/RHSA-2026:25097
reference_id RHSA-2026:25097
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/
url https://access.redhat.com/errata/RHSA-2026:25097
10
reference_url https://access.redhat.com/errata/RHSA-2026:25098
reference_id RHSA-2026:25098
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/
url https://access.redhat.com/errata/RHSA-2026:25098
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2464126
reference_id show_bug.cgi?id=2464126
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2464126
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.6.2
purl pkg:maven/org.keycloak/keycloak-services@26.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-99gq-5t6k-7yf5
1
vulnerability VCID-e94v-acqx-1bcp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.2
aliases CVE-2026-7500, GHSA-hm32-hfmw-rhvg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a6bx-hkuu-zkg4
15
url VCID-b7ak-4hjc-xuhh
vulnerability_id VCID-b7ak-4hjc-xuhh
summary A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14083
reference_id
reference_type
scores
0
value 9e-05
scoring_system epss
scoring_elements 0.01027
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14083
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/issues/45493
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/45493
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
5
reference_url https://access.redhat.com/security/cve/CVE-2025-14083
reference_id CVE-2025-14083
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/
url https://access.redhat.com/security/cve/CVE-2025-14083
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14083
reference_id CVE-2025-14083
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-14083
7
reference_url https://github.com/advisories/GHSA-594w-2fwp-jwrc
reference_id GHSA-594w-2fwp-jwrc
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-594w-2fwp-jwrc
8
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/
url https://access.redhat.com/errata/RHSA-2026:6477
9
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/
url https://access.redhat.com/errata/RHSA-2026:6478
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2419086
reference_id show_bug.cgi?id=2419086
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2419086
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.0
purl pkg:maven/org.keycloak/keycloak-services@26.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-4b67-9tus-s7ds
2
vulnerability VCID-4uf3-t2q9-5fcp
3
vulnerability VCID-4y2p-6e9v-ufh7
4
vulnerability VCID-5cfv-kzxe-3qg4
5
vulnerability VCID-5gut-s9z6-u3gs
6
vulnerability VCID-82aq-wymj-ekby
7
vulnerability VCID-8fsf-kear-tyb2
8
vulnerability VCID-8txb-4xw8-aydm
9
vulnerability VCID-a6bx-hkuu-zkg4
10
vulnerability VCID-czza-hz45-5ka6
11
vulnerability VCID-ec5w-983u-tbbz
12
vulnerability VCID-ecc8-b6za-vqds
13
vulnerability VCID-epvz-duxp-tyf7
14
vulnerability VCID-f2m5-cwr1-ryc1
15
vulnerability VCID-hdz7-3722-xfe6
16
vulnerability VCID-mhqj-fy58-6fd6
17
vulnerability VCID-put6-zqp1-dkhj
18
vulnerability VCID-shne-12fw-xfbw
19
vulnerability VCID-thtq-yz7t-7kea
20
vulnerability VCID-tjyr-75f3-d7ff
21
vulnerability VCID-u1aa-s9ru-w3gf
22
vulnerability VCID-uuxm-2f48-3qa5
23
vulnerability VCID-vcjc-hgjb-dqhs
24
vulnerability VCID-vrhh-6fx6-zqbw
25
vulnerability VCID-wsdh-ap2m-5uat
26
vulnerability VCID-wwh9-7awg-h7g6
27
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0
aliases CVE-2025-14083, GHSA-594w-2fwp-jwrc
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7ak-4hjc-xuhh
16
url VCID-czza-hz45-5ka6
vulnerability_id VCID-czza-hz45-5ka6
summary A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned resource. Consequently, the attacker gains unauthorized permissions to victim-owned resources, enabling them to obtain a Requesting Party Token (RPT) and access sensitive information or perform unauthorized actions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4636.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4636.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4636
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.0319
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4636
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/995832f8b74b02833d106c8788bb7a78634aa725
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/995832f8b74b02833d106c8788bb7a78634aa725
4
reference_url https://github.com/keycloak/keycloak/issues/47717
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47717
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4636
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4636
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
8
reference_url https://access.redhat.com/security/cve/CVE-2026-4636
reference_id CVE-2026-4636
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/
url https://access.redhat.com/security/cve/CVE-2026-4636
9
reference_url https://github.com/advisories/GHSA-f2hx-5fx3-hmcv
reference_id GHSA-f2hx-5fx3-hmcv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f2hx-5fx3-hmcv
10
reference_url https://access.redhat.com/errata/RHSA-2026:6475
reference_id RHSA-2026:6475
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/
url https://access.redhat.com/errata/RHSA-2026:6475
11
reference_url https://access.redhat.com/errata/RHSA-2026:6476
reference_id RHSA-2026:6476
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/
url https://access.redhat.com/errata/RHSA-2026:6476
12
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/
url https://access.redhat.com/errata/RHSA-2026:6477
13
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/
url https://access.redhat.com/errata/RHSA-2026:6478
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450251
reference_id show_bug.cgi?id=2450251
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2450251
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-8fsf-kear-tyb2
2
vulnerability VCID-a6bx-hkuu-zkg4
3
vulnerability VCID-uuxm-2f48-3qa5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-4636, GHSA-f2hx-5fx3-hmcv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-czza-hz45-5ka6
17
url VCID-ecc8-b6za-vqds
vulnerability_id VCID-ecc8-b6za-vqds
summary A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partial leads to information disclosure.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3190
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02118
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3190
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694
4
reference_url https://github.com/keycloak/keycloak/issues/46723
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46723
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3190
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3190
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
7
reference_url https://access.redhat.com/security/cve/CVE-2026-3190
reference_id CVE-2026-3190
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/
url https://access.redhat.com/security/cve/CVE-2026-3190
8
reference_url https://github.com/advisories/GHSA-q35r-vvhv-vx5h
reference_id GHSA-q35r-vvhv-vx5h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q35r-vvhv-vx5h
9
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6477
10
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6478
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442572
reference_id show_bug.cgi?id=2442572
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2442572
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.6
purl pkg:maven/org.keycloak/keycloak-services@26.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-8fsf-kear-tyb2
2
vulnerability VCID-a6bx-hkuu-zkg4
3
vulnerability VCID-czza-hz45-5ka6
4
vulnerability VCID-epvz-duxp-tyf7
5
vulnerability VCID-mdys-vw33-uqa1
6
vulnerability VCID-thtq-yz7t-7kea
7
vulnerability VCID-tjyr-75f3-d7ff
8
vulnerability VCID-uuxm-2f48-3qa5
9
vulnerability VCID-vcjc-hgjb-dqhs
10
vulnerability VCID-wsdh-ap2m-5uat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6
aliases CVE-2026-3190, GHSA-q35r-vvhv-vx5h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ecc8-b6za-vqds
18
url VCID-epvz-duxp-tyf7
vulnerability_id VCID-epvz-duxp-tyf7
summary A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information disclosure.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3872.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3872.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3872
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02527
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3872
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/35a71b00bc856ac402711130f60190d3a24795e7
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/35a71b00bc856ac402711130f60190d3a24795e7
4
reference_url https://github.com/keycloak/keycloak/issues/47718
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47718
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3872
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3872
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
8
reference_url https://access.redhat.com/security/cve/CVE-2026-3872
reference_id CVE-2026-3872
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://access.redhat.com/security/cve/CVE-2026-3872
9
reference_url https://github.com/advisories/GHSA-cjm2-j6cm-6p6m
reference_id GHSA-cjm2-j6cm-6p6m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cjm2-j6cm-6p6m
10
reference_url https://access.redhat.com/errata/RHSA-2026:6475
reference_id RHSA-2026:6475
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://access.redhat.com/errata/RHSA-2026:6475
11
reference_url https://access.redhat.com/errata/RHSA-2026:6476
reference_id RHSA-2026:6476
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://access.redhat.com/errata/RHSA-2026:6476
12
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://access.redhat.com/errata/RHSA-2026:6477
13
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://access.redhat.com/errata/RHSA-2026:6478
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445988
reference_id show_bug.cgi?id=2445988
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2445988
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-8fsf-kear-tyb2
2
vulnerability VCID-a6bx-hkuu-zkg4
3
vulnerability VCID-uuxm-2f48-3qa5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-3872, GHSA-cjm2-j6cm-6p6m
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-epvz-duxp-tyf7
19
url VCID-f2m5-cwr1-ryc1
vulnerability_id VCID-f2m5-cwr1-ryc1
summary 
Duplicate Advisory: Keycloak-services SMTP Inject Vulnerability
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references.

### Original Description
A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.
references
0
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-8419
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-8419
2
reference_url https://access.redhat.com/security/cve/CVE-2025-8419
reference_id CVE-2025-8419
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-8419
3
reference_url https://github.com/advisories/GHSA-qj5r-2r5p-phc7
reference_id GHSA-qj5r-2r5p-phc7
reference_type
scores
url https://github.com/advisories/GHSA-qj5r-2r5p-phc7
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.3
purl pkg:maven/org.keycloak/keycloak-services@26.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b67-9tus-s7ds
1
vulnerability VCID-4uf3-t2q9-5fcp
2
vulnerability VCID-4y2p-6e9v-ufh7
3
vulnerability VCID-5cfv-kzxe-3qg4
4
vulnerability VCID-5gut-s9z6-u3gs
5
vulnerability VCID-82aq-wymj-ekby
6
vulnerability VCID-8fsf-kear-tyb2
7
vulnerability VCID-a6bx-hkuu-zkg4
8
vulnerability VCID-czza-hz45-5ka6
9
vulnerability VCID-ecc8-b6za-vqds
10
vulnerability VCID-epvz-duxp-tyf7
11
vulnerability VCID-mhqj-fy58-6fd6
12
vulnerability VCID-put6-zqp1-dkhj
13
vulnerability VCID-shne-12fw-xfbw
14
vulnerability VCID-thtq-yz7t-7kea
15
vulnerability VCID-tjyr-75f3-d7ff
16
vulnerability VCID-uuxm-2f48-3qa5
17
vulnerability VCID-vcjc-hgjb-dqhs
18
vulnerability VCID-vrhh-6fx6-zqbw
19
vulnerability VCID-wsdh-ap2m-5uat
20
vulnerability VCID-wwh9-7awg-h7g6
21
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3
aliases GHSA-qj5r-2r5p-phc7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f2m5-cwr1-ryc1
20
url VCID-feud-rr2t-tyfx
vulnerability_id VCID-feud-rr2t-tyfx
summary A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. This allows concurrent refresh requests to bypass single-use enforcement and issue multiple access tokens from the same refresh token. As a result, Keycloak’s refresh token rotation hardening can be undermined.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1035
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01686
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1035
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/issues/45647
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/45647
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
8
reference_url https://access.redhat.com/security/cve/CVE-2026-1035
reference_id CVE-2026-1035
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/
url https://access.redhat.com/security/cve/CVE-2026-1035
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1035
reference_id CVE-2026-1035
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1035
10
reference_url https://github.com/advisories/GHSA-m2w5-7xhv-w6fh
reference_id GHSA-m2w5-7xhv-w6fh
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m2w5-7xhv-w6fh
11
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/
url https://access.redhat.com/errata/RHSA-2026:6477
12
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/
url https://access.redhat.com/errata/RHSA-2026:6478
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2430314
reference_id show_bug.cgi?id=2430314
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2430314
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.0
purl pkg:maven/org.keycloak/keycloak-services@26.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-4b67-9tus-s7ds
2
vulnerability VCID-4uf3-t2q9-5fcp
3
vulnerability VCID-4y2p-6e9v-ufh7
4
vulnerability VCID-5cfv-kzxe-3qg4
5
vulnerability VCID-5gut-s9z6-u3gs
6
vulnerability VCID-82aq-wymj-ekby
7
vulnerability VCID-8fsf-kear-tyb2
8
vulnerability VCID-8txb-4xw8-aydm
9
vulnerability VCID-a6bx-hkuu-zkg4
10
vulnerability VCID-czza-hz45-5ka6
11
vulnerability VCID-ec5w-983u-tbbz
12
vulnerability VCID-ecc8-b6za-vqds
13
vulnerability VCID-epvz-duxp-tyf7
14
vulnerability VCID-f2m5-cwr1-ryc1
15
vulnerability VCID-hdz7-3722-xfe6
16
vulnerability VCID-mhqj-fy58-6fd6
17
vulnerability VCID-put6-zqp1-dkhj
18
vulnerability VCID-shne-12fw-xfbw
19
vulnerability VCID-thtq-yz7t-7kea
20
vulnerability VCID-tjyr-75f3-d7ff
21
vulnerability VCID-u1aa-s9ru-w3gf
22
vulnerability VCID-uuxm-2f48-3qa5
23
vulnerability VCID-vcjc-hgjb-dqhs
24
vulnerability VCID-vrhh-6fx6-zqbw
25
vulnerability VCID-wsdh-ap2m-5uat
26
vulnerability VCID-wwh9-7awg-h7g6
27
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0
aliases CVE-2026-1035, GHSA-m2w5-7xhv-w6fh
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-feud-rr2t-tyfx
21
url VCID-mhqj-fy58-6fd6
vulnerability_id VCID-mhqj-fy58-6fd6
summary A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-12150
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.0259
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-12150
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339
4
reference_url https://github.com/keycloak/keycloak/issues/35110
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/35110
5
reference_url https://github.com/keycloak/keycloak/issues/43723
reference_id 43723
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://github.com/keycloak/keycloak/issues/43723
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
8
reference_url https://access.redhat.com/security/cve/CVE-2025-12150
reference_id CVE-2025-12150
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/security/cve/CVE-2025-12150
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-12150
reference_id CVE-2025-12150
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-12150
10
reference_url https://github.com/advisories/GHSA-7g5x-9c4v-4w5r
reference_id GHSA-7g5x-9c4v-4w5r
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7g5x-9c4v-4w5r
11
reference_url https://access.redhat.com/errata/RHSA-2025:21370
reference_id RHSA-2025:21370
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/errata/RHSA-2025:21370
12
reference_url https://access.redhat.com/errata/RHSA-2025:21371
reference_id RHSA-2025:21371
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/errata/RHSA-2025:21371
13
reference_url https://access.redhat.com/errata/RHSA-2025:22088
reference_id RHSA-2025:22088
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/errata/RHSA-2025:22088
14
reference_url https://access.redhat.com/errata/RHSA-2025:22089
reference_id RHSA-2025:22089
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/errata/RHSA-2025:22089
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2406192
reference_id show_bug.cgi?id=2406192
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2406192
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.4.4
purl pkg:maven/org.keycloak/keycloak-services@26.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b67-9tus-s7ds
1
vulnerability VCID-4uf3-t2q9-5fcp
2
vulnerability VCID-4y2p-6e9v-ufh7
3
vulnerability VCID-5cfv-kzxe-3qg4
4
vulnerability VCID-5gut-s9z6-u3gs
5
vulnerability VCID-82aq-wymj-ekby
6
vulnerability VCID-8fsf-kear-tyb2
7
vulnerability VCID-a6bx-hkuu-zkg4
8
vulnerability VCID-czza-hz45-5ka6
9
vulnerability VCID-ecc8-b6za-vqds
10
vulnerability VCID-epvz-duxp-tyf7
11
vulnerability VCID-put6-zqp1-dkhj
12
vulnerability VCID-shne-12fw-xfbw
13
vulnerability VCID-thtq-yz7t-7kea
14
vulnerability VCID-tjyr-75f3-d7ff
15
vulnerability VCID-uuxm-2f48-3qa5
16
vulnerability VCID-vcjc-hgjb-dqhs
17
vulnerability VCID-vrhh-6fx6-zqbw
18
vulnerability VCID-wsdh-ap2m-5uat
19
vulnerability VCID-wwh9-7awg-h7g6
20
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.4
aliases CVE-2025-12150, GHSA-7g5x-9c4v-4w5r
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mhqj-fy58-6fd6
22
url VCID-put6-zqp1-dkhj
vulnerability_id VCID-put6-zqp1-dkhj
summary A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3911
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02008
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3911
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9
4
reference_url https://github.com/keycloak/keycloak/issues/46922
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46922
5
reference_url https://github.com/keycloak/keycloak/pull/46923
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/46923
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
7
reference_url https://access.redhat.com/security/cve/CVE-2026-3911
reference_id CVE-2026-3911
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/
url https://access.redhat.com/security/cve/CVE-2026-3911
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3911
reference_id CVE-2026-3911
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3911
9
reference_url https://github.com/advisories/GHSA-xh32-c9wx-phrp
reference_id GHSA-xh32-c9wx-phrp
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xh32-c9wx-phrp
10
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6477
11
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6478
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2446392
reference_id show_bug.cgi?id=2446392
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2446392
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.6
purl pkg:maven/org.keycloak/keycloak-services@26.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-8fsf-kear-tyb2
2
vulnerability VCID-a6bx-hkuu-zkg4
3
vulnerability VCID-czza-hz45-5ka6
4
vulnerability VCID-epvz-duxp-tyf7
5
vulnerability VCID-mdys-vw33-uqa1
6
vulnerability VCID-thtq-yz7t-7kea
7
vulnerability VCID-tjyr-75f3-d7ff
8
vulnerability VCID-uuxm-2f48-3qa5
9
vulnerability VCID-vcjc-hgjb-dqhs
10
vulnerability VCID-wsdh-ap2m-5uat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6
aliases CVE-2026-3911, GHSA-xh32-c9wx-phrp
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-put6-zqp1-dkhj
23
url VCID-shne-12fw-xfbw
vulnerability_id VCID-shne-12fw-xfbw
summary A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2603
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45486
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2603
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a
4
reference_url https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132
5
reference_url https://github.com/keycloak/keycloak/commits/26.5.5
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commits/26.5.5
6
reference_url https://github.com/keycloak/keycloak/issues/46911
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46911
7
reference_url https://github.com/keycloak/keycloak/pull/46932
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/46932
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2603
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2603
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
11
reference_url https://access.redhat.com/security/cve/CVE-2026-2603
reference_id CVE-2026-2603
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/security/cve/CVE-2026-2603
12
reference_url https://github.com/advisories/GHSA-x4p7-7chp-64hq
reference_id GHSA-x4p7-7chp-64hq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x4p7-7chp-64hq
13
reference_url https://access.redhat.com/errata/RHSA-2026:3925
reference_id RHSA-2026:3925
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3925
14
reference_url https://access.redhat.com/errata/RHSA-2026:3926
reference_id RHSA-2026:3926
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3926
15
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id RHSA-2026:3947
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3947
16
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id RHSA-2026:3948
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3948
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440300
reference_id show_bug.cgi?id=2440300
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440300
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.5
purl pkg:maven/org.keycloak/keycloak-services@26.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4uf3-t2q9-5fcp
1
vulnerability VCID-5cfv-kzxe-3qg4
2
vulnerability VCID-82aq-wymj-ekby
3
vulnerability VCID-8fsf-kear-tyb2
4
vulnerability VCID-a6bx-hkuu-zkg4
5
vulnerability VCID-czza-hz45-5ka6
6
vulnerability VCID-ecc8-b6za-vqds
7
vulnerability VCID-epvz-duxp-tyf7
8
vulnerability VCID-put6-zqp1-dkhj
9
vulnerability VCID-thtq-yz7t-7kea
10
vulnerability VCID-tjyr-75f3-d7ff
11
vulnerability VCID-uuxm-2f48-3qa5
12
vulnerability VCID-vcjc-hgjb-dqhs
13
vulnerability VCID-wsdh-ap2m-5uat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5
aliases CVE-2026-2603, GHSA-x4p7-7chp-64hq
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-shne-12fw-xfbw
24
url VCID-tazu-5mqv-vfaq
vulnerability_id VCID-tazu-5mqv-vfaq
summary 
Duplicate Advisory: Keycloak hostname verification
# Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-hw58-3793-42gg. This link is maintained to preserve external references.

# Original Description
A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.
references
0
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3501
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3501
2
reference_url https://access.redhat.com/security/cve/CVE-2025-3501
reference_id CVE-2025-3501
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-3501
3
reference_url https://github.com/advisories/GHSA-r934-w73g-v4p8
reference_id GHSA-r934-w73g-v4p8
reference_type
scores
url https://github.com/advisories/GHSA-r934-w73g-v4p8
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.2
purl pkg:maven/org.keycloak/keycloak-services@26.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-4b67-9tus-s7ds
2
vulnerability VCID-4uf3-t2q9-5fcp
3
vulnerability VCID-4y2p-6e9v-ufh7
4
vulnerability VCID-5cfv-kzxe-3qg4
5
vulnerability VCID-5gut-s9z6-u3gs
6
vulnerability VCID-6fwf-utem-8bgx
7
vulnerability VCID-82aq-wymj-ekby
8
vulnerability VCID-85r1-z7c6-6bcb
9
vulnerability VCID-8baa-m4rc-aqh5
10
vulnerability VCID-8fsf-kear-tyb2
11
vulnerability VCID-a6bx-hkuu-zkg4
12
vulnerability VCID-b7ak-4hjc-xuhh
13
vulnerability VCID-czza-hz45-5ka6
14
vulnerability VCID-ecc8-b6za-vqds
15
vulnerability VCID-epvz-duxp-tyf7
16
vulnerability VCID-f2m5-cwr1-ryc1
17
vulnerability VCID-feud-rr2t-tyfx
18
vulnerability VCID-mhqj-fy58-6fd6
19
vulnerability VCID-put6-zqp1-dkhj
20
vulnerability VCID-sa2j-p1w2-ebgj
21
vulnerability VCID-shne-12fw-xfbw
22
vulnerability VCID-thtq-yz7t-7kea
23
vulnerability VCID-tjyr-75f3-d7ff
24
vulnerability VCID-u1aa-s9ru-w3gf
25
vulnerability VCID-uuxm-2f48-3qa5
26
vulnerability VCID-vcjc-hgjb-dqhs
27
vulnerability VCID-vrhh-6fx6-zqbw
28
vulnerability VCID-wsdh-ap2m-5uat
29
vulnerability VCID-wwh9-7awg-h7g6
30
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2
aliases GHSA-r934-w73g-v4p8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tazu-5mqv-vfaq
25
url VCID-thtq-yz7t-7kea
vulnerability_id VCID-thtq-yz7t-7kea
summary A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens, resulting in privilege escalation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4282.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4282.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4282
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.05955
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4282
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5
4
reference_url https://github.com/keycloak/keycloak/issues/47719
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47719
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4282
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4282
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
8
reference_url https://access.redhat.com/security/cve/CVE-2026-4282
reference_id CVE-2026-4282
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/
url https://access.redhat.com/security/cve/CVE-2026-4282
9
reference_url https://github.com/advisories/GHSA-hj93-h7pg-fh6v
reference_id GHSA-hj93-h7pg-fh6v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hj93-h7pg-fh6v
10
reference_url https://access.redhat.com/errata/RHSA-2026:6475
reference_id RHSA-2026:6475
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/
url https://access.redhat.com/errata/RHSA-2026:6475
11
reference_url https://access.redhat.com/errata/RHSA-2026:6476
reference_id RHSA-2026:6476
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/
url https://access.redhat.com/errata/RHSA-2026:6476
12
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/
url https://access.redhat.com/errata/RHSA-2026:6477
13
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/
url https://access.redhat.com/errata/RHSA-2026:6478
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2448061
reference_id show_bug.cgi?id=2448061
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2448061
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-8fsf-kear-tyb2
2
vulnerability VCID-a6bx-hkuu-zkg4
3
vulnerability VCID-uuxm-2f48-3qa5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-4282, GHSA-hj93-h7pg-fh6v
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-thtq-yz7t-7kea
26
url VCID-tjyr-75f3-d7ff
vulnerability_id VCID-tjyr-75f3-d7ff
summary A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered MFA/OTP credential without first proving possession of that factor. The attacker can then register their own MFA device, effectively taking full control of the account. This weakness undermines the intended protection provided by multi-factor authentication.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3429
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04244
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3429
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178
4
reference_url https://github.com/keycloak/keycloak/issues/47069
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47069
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
9
reference_url https://access.redhat.com/security/cve/CVE-2026-3429
reference_id CVE-2026-3429
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/
url https://access.redhat.com/security/cve/CVE-2026-3429
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3429
reference_id CVE-2026-3429
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3429
11
reference_url https://github.com/advisories/GHSA-8g9r-9wjw-37j4
reference_id GHSA-8g9r-9wjw-37j4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8g9r-9wjw-37j4
12
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6477
13
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6478
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2443771
reference_id show_bug.cgi?id=2443771
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2443771
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-8fsf-kear-tyb2
2
vulnerability VCID-a6bx-hkuu-zkg4
3
vulnerability VCID-uuxm-2f48-3qa5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-3429, GHSA-8g9r-9wjw-37j4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tjyr-75f3-d7ff
27
url VCID-u1aa-s9ru-w3gf
vulnerability_id VCID-u1aa-s9ru-w3gf
summary 
Duplicate Advisory: Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-27gp-8389-hm4w. This link is maintained to preserve external references.

### Original Description
A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.
references
0
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
1
reference_url https://github.com/keycloak/keycloak/issues/41137
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/41137
2
reference_url https://github.com/keycloak/keycloak/pull/41168
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/41168
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-7784
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-7784
4
reference_url https://access.redhat.com/security/cve/CVE-2025-7784
reference_id CVE-2025-7784
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-7784
5
reference_url https://github.com/advisories/GHSA-83j7-mhw9-388w
reference_id GHSA-83j7-mhw9-388w
reference_type
scores
url https://github.com/advisories/GHSA-83j7-mhw9-388w
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.2
purl pkg:maven/org.keycloak/keycloak-services@26.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-4b67-9tus-s7ds
2
vulnerability VCID-4uf3-t2q9-5fcp
3
vulnerability VCID-4y2p-6e9v-ufh7
4
vulnerability VCID-5cfv-kzxe-3qg4
5
vulnerability VCID-5gut-s9z6-u3gs
6
vulnerability VCID-82aq-wymj-ekby
7
vulnerability VCID-8fsf-kear-tyb2
8
vulnerability VCID-a6bx-hkuu-zkg4
9
vulnerability VCID-czza-hz45-5ka6
10
vulnerability VCID-ecc8-b6za-vqds
11
vulnerability VCID-epvz-duxp-tyf7
12
vulnerability VCID-f2m5-cwr1-ryc1
13
vulnerability VCID-mhqj-fy58-6fd6
14
vulnerability VCID-put6-zqp1-dkhj
15
vulnerability VCID-shne-12fw-xfbw
16
vulnerability VCID-thtq-yz7t-7kea
17
vulnerability VCID-tjyr-75f3-d7ff
18
vulnerability VCID-uuxm-2f48-3qa5
19
vulnerability VCID-vcjc-hgjb-dqhs
20
vulnerability VCID-vrhh-6fx6-zqbw
21
vulnerability VCID-wsdh-ap2m-5uat
22
vulnerability VCID-wwh9-7awg-h7g6
23
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.2
aliases GHSA-83j7-mhw9-388w
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u1aa-s9ru-w3gf
28
url VCID-u2cc-wm39-4qax
vulnerability_id VCID-u2cc-wm39-4qax
summary A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3501.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3501.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3501
reference_id
reference_type
scores
0
value 0.00079
scoring_system epss
scoring_elements 0.23484
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3501
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272
4
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3501
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3501
6
reference_url https://github.com/keycloak/keycloak/issues/39350
reference_id 39350
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://github.com/keycloak/keycloak/issues/39350
7
reference_url https://github.com/keycloak/keycloak/pull/39366
reference_id 39366
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://github.com/keycloak/keycloak/pull/39366
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
reference_id cpe:/a:redhat:build_keycloak:26
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
reference_id cpe:/a:redhat:build_keycloak:26.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
12
reference_url https://access.redhat.com/security/cve/CVE-2025-3501
reference_id CVE-2025-3501
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://access.redhat.com/security/cve/CVE-2025-3501
13
reference_url https://github.com/advisories/GHSA-hw58-3793-42gg
reference_id GHSA-hw58-3793-42gg
reference_type
scores
url https://github.com/advisories/GHSA-hw58-3793-42gg
14
reference_url https://access.redhat.com/errata/RHSA-2025:4335
reference_id RHSA-2025:4335
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://access.redhat.com/errata/RHSA-2025:4335
15
reference_url https://access.redhat.com/errata/RHSA-2025:4336
reference_id RHSA-2025:4336
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://access.redhat.com/errata/RHSA-2025:4336
16
reference_url https://access.redhat.com/errata/RHSA-2025:8672
reference_id RHSA-2025:8672
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://access.redhat.com/errata/RHSA-2025:8672
17
reference_url https://access.redhat.com/errata/RHSA-2025:8690
reference_id RHSA-2025:8690
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://access.redhat.com/errata/RHSA-2025:8690
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2358834
reference_id show_bug.cgi?id=2358834
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2358834
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.2
purl pkg:maven/org.keycloak/keycloak-services@26.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-4b67-9tus-s7ds
2
vulnerability VCID-4uf3-t2q9-5fcp
3
vulnerability VCID-4y2p-6e9v-ufh7
4
vulnerability VCID-5cfv-kzxe-3qg4
5
vulnerability VCID-5gut-s9z6-u3gs
6
vulnerability VCID-6fwf-utem-8bgx
7
vulnerability VCID-82aq-wymj-ekby
8
vulnerability VCID-85r1-z7c6-6bcb
9
vulnerability VCID-8baa-m4rc-aqh5
10
vulnerability VCID-8fsf-kear-tyb2
11
vulnerability VCID-a6bx-hkuu-zkg4
12
vulnerability VCID-b7ak-4hjc-xuhh
13
vulnerability VCID-czza-hz45-5ka6
14
vulnerability VCID-ecc8-b6za-vqds
15
vulnerability VCID-epvz-duxp-tyf7
16
vulnerability VCID-f2m5-cwr1-ryc1
17
vulnerability VCID-feud-rr2t-tyfx
18
vulnerability VCID-mhqj-fy58-6fd6
19
vulnerability VCID-put6-zqp1-dkhj
20
vulnerability VCID-sa2j-p1w2-ebgj
21
vulnerability VCID-shne-12fw-xfbw
22
vulnerability VCID-thtq-yz7t-7kea
23
vulnerability VCID-tjyr-75f3-d7ff
24
vulnerability VCID-u1aa-s9ru-w3gf
25
vulnerability VCID-uuxm-2f48-3qa5
26
vulnerability VCID-vcjc-hgjb-dqhs
27
vulnerability VCID-vrhh-6fx6-zqbw
28
vulnerability VCID-wsdh-ap2m-5uat
29
vulnerability VCID-wwh9-7awg-h7g6
30
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2
aliases CVE-2025-3501, GHSA-hw58-3793-42gg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u2cc-wm39-4qax
29
url VCID-ugt9-3hnt-jkea
vulnerability_id VCID-ugt9-3hnt-jkea
summary 
Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-wq8x-cg39-8mrr. This link is maintained to preserve external references.

## Original Description
A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-10270
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-10270
1
reference_url https://access.redhat.com/security/cve/CVE-2024-10270
reference_id CVE-2024-10270
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2024-10270
2
reference_url https://github.com/advisories/GHSA-j3x3-r585-4qhg
reference_id GHSA-j3x3-r585-4qhg
reference_type
scores
url https://github.com/advisories/GHSA-j3x3-r585-4qhg
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.0.6
purl pkg:maven/org.keycloak/keycloak-services@26.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-39yc-g31q-u7gt
2
vulnerability VCID-42w4-65kp-f7dy
3
vulnerability VCID-4b67-9tus-s7ds
4
vulnerability VCID-4uf3-t2q9-5fcp
5
vulnerability VCID-4y2p-6e9v-ufh7
6
vulnerability VCID-5cfv-kzxe-3qg4
7
vulnerability VCID-5gut-s9z6-u3gs
8
vulnerability VCID-6fwf-utem-8bgx
9
vulnerability VCID-82aq-wymj-ekby
10
vulnerability VCID-85r1-z7c6-6bcb
11
vulnerability VCID-8baa-m4rc-aqh5
12
vulnerability VCID-8fsf-kear-tyb2
13
vulnerability VCID-a6bx-hkuu-zkg4
14
vulnerability VCID-b7ak-4hjc-xuhh
15
vulnerability VCID-czza-hz45-5ka6
16
vulnerability VCID-ecc8-b6za-vqds
17
vulnerability VCID-epvz-duxp-tyf7
18
vulnerability VCID-f2m5-cwr1-ryc1
19
vulnerability VCID-feud-rr2t-tyfx
20
vulnerability VCID-mhqj-fy58-6fd6
21
vulnerability VCID-put6-zqp1-dkhj
22
vulnerability VCID-shne-12fw-xfbw
23
vulnerability VCID-tazu-5mqv-vfaq
24
vulnerability VCID-thtq-yz7t-7kea
25
vulnerability VCID-tjyr-75f3-d7ff
26
vulnerability VCID-u1aa-s9ru-w3gf
27
vulnerability VCID-u2cc-wm39-4qax
28
vulnerability VCID-uuxm-2f48-3qa5
29
vulnerability VCID-vcjc-hgjb-dqhs
30
vulnerability VCID-vrhh-6fx6-zqbw
31
vulnerability VCID-wrdw-sj1s-bqbd
32
vulnerability VCID-wsdh-ap2m-5uat
33
vulnerability VCID-wwh9-7awg-h7g6
34
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.6
aliases GHSA-j3x3-r585-4qhg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ugt9-3hnt-jkea
30
url VCID-uuxm-2f48-3qa5
vulnerability_id VCID-uuxm-2f48-3qa5
summary A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control checks on PUT operations to the resource_set endpoint. This issue enables unauthorized modification of protected resources, impacting data integrity.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4628.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4628.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4628
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01515
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4628
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4628
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4628
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
8
reference_url https://access.redhat.com/security/cve/CVE-2026-4628
reference_id CVE-2026-4628
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:02:51Z/
url https://access.redhat.com/security/cve/CVE-2026-4628
9
reference_url https://github.com/advisories/GHSA-4pgc-gfrr-wcmg
reference_id GHSA-4pgc-gfrr-wcmg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4pgc-gfrr-wcmg
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450240
reference_id show_bug.cgi?id=2450240
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:02:51Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2450240
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.6.1
purl pkg:maven/org.keycloak/keycloak-services@26.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a6bx-hkuu-zkg4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.1
aliases CVE-2026-4628, GHSA-4pgc-gfrr-wcmg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uuxm-2f48-3qa5
31
url VCID-vcjc-hgjb-dqhs
vulnerability_id VCID-vcjc-hgjb-dqhs
summary A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to high resource consumption and prolonged processing times, ultimately resulting in a Denial of Service (DoS) for the Keycloak server.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4634.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4634.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4634
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07454
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4634
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/b455ee4f28abb6f2120aff72fd179589cc5267a0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/b455ee4f28abb6f2120aff72fd179589cc5267a0
4
reference_url https://github.com/keycloak/keycloak/issues/47716
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47716
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4634
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4634
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
8
reference_url https://access.redhat.com/security/cve/CVE-2026-4634
reference_id CVE-2026-4634
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/
url https://access.redhat.com/security/cve/CVE-2026-4634
9
reference_url https://github.com/advisories/GHSA-h4wv-g838-66g3
reference_id GHSA-h4wv-g838-66g3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h4wv-g838-66g3
10
reference_url https://access.redhat.com/errata/RHSA-2026:6475
reference_id RHSA-2026:6475
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/
url https://access.redhat.com/errata/RHSA-2026:6475
11
reference_url https://access.redhat.com/errata/RHSA-2026:6476
reference_id RHSA-2026:6476
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/
url https://access.redhat.com/errata/RHSA-2026:6476
12
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/
url https://access.redhat.com/errata/RHSA-2026:6477
13
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/
url https://access.redhat.com/errata/RHSA-2026:6478
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450250
reference_id show_bug.cgi?id=2450250
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2450250
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-8fsf-kear-tyb2
2
vulnerability VCID-a6bx-hkuu-zkg4
3
vulnerability VCID-uuxm-2f48-3qa5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-4634, GHSA-h4wv-g838-66g3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vcjc-hgjb-dqhs
32
url VCID-vrhh-6fx6-zqbw
vulnerability_id VCID-vrhh-6fx6-zqbw
summary A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14082
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01624
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14082
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
5
reference_url https://access.redhat.com/security/cve/CVE-2025-14082
reference_id CVE-2025-14082
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/
url https://access.redhat.com/security/cve/CVE-2025-14082
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14082
reference_id CVE-2025-14082
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-14082
7
reference_url https://github.com/advisories/GHSA-6q37-7866-h27j
reference_id GHSA-6q37-7866-h27j
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6q37-7866-h27j
8
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/
url https://access.redhat.com/errata/RHSA-2026:6477
9
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/
url https://access.redhat.com/errata/RHSA-2026:6478
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2419078
reference_id show_bug.cgi?id=2419078
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2419078
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.0
purl pkg:maven/org.keycloak/keycloak-services@26.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b67-9tus-s7ds
1
vulnerability VCID-4uf3-t2q9-5fcp
2
vulnerability VCID-4y2p-6e9v-ufh7
3
vulnerability VCID-5cfv-kzxe-3qg4
4
vulnerability VCID-5gut-s9z6-u3gs
5
vulnerability VCID-82aq-wymj-ekby
6
vulnerability VCID-8fsf-kear-tyb2
7
vulnerability VCID-a6bx-hkuu-zkg4
8
vulnerability VCID-czza-hz45-5ka6
9
vulnerability VCID-ec5w-983u-tbbz
10
vulnerability VCID-ecc8-b6za-vqds
11
vulnerability VCID-epvz-duxp-tyf7
12
vulnerability VCID-hdz7-3722-xfe6
13
vulnerability VCID-mdys-vw33-uqa1
14
vulnerability VCID-p11z-217w-r3d3
15
vulnerability VCID-put6-zqp1-dkhj
16
vulnerability VCID-shne-12fw-xfbw
17
vulnerability VCID-thtq-yz7t-7kea
18
vulnerability VCID-tjyr-75f3-d7ff
19
vulnerability VCID-ttpj-h8z5-tfgw
20
vulnerability VCID-uuxm-2f48-3qa5
21
vulnerability VCID-vcjc-hgjb-dqhs
22
vulnerability VCID-wsdh-ap2m-5uat
23
vulnerability VCID-wwh9-7awg-h7g6
24
vulnerability VCID-yfgh-e1hw-1ff7
25
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.0
aliases CVE-2025-14082, GHSA-6q37-7866-h27j
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vrhh-6fx6-zqbw
33
url VCID-wrdw-sj1s-bqbd
vulnerability_id VCID-wrdw-sj1s-bqbd
summary A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3910.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3910.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3910
reference_id
reference_type
scores
0
value 0.00087
scoring_system epss
scoring_elements 0.24911
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3910
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-5jfq-x6xp-7rw2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-5jfq-x6xp-7rw2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3910
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3910
5
reference_url https://github.com/keycloak/keycloak/issues/39349
reference_id 39349
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/
url https://github.com/keycloak/keycloak/issues/39349
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
reference_id cpe:/a:redhat:build_keycloak:26
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
reference_id cpe:/a:redhat:build_keycloak:26.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
8
reference_url https://access.redhat.com/security/cve/CVE-2025-3910
reference_id CVE-2025-3910
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/
url https://access.redhat.com/security/cve/CVE-2025-3910
9
reference_url https://github.com/advisories/GHSA-5jfq-x6xp-7rw2
reference_id GHSA-5jfq-x6xp-7rw2
reference_type
scores
url https://github.com/advisories/GHSA-5jfq-x6xp-7rw2
10
reference_url https://access.redhat.com/errata/RHSA-2025:4335
reference_id RHSA-2025:4335
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/
url https://access.redhat.com/errata/RHSA-2025:4335
11
reference_url https://access.redhat.com/errata/RHSA-2025:4336
reference_id RHSA-2025:4336
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/
url https://access.redhat.com/errata/RHSA-2025:4336
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2361923
reference_id show_bug.cgi?id=2361923
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2361923
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.2
purl pkg:maven/org.keycloak/keycloak-services@26.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-4b67-9tus-s7ds
2
vulnerability VCID-4uf3-t2q9-5fcp
3
vulnerability VCID-4y2p-6e9v-ufh7
4
vulnerability VCID-5cfv-kzxe-3qg4
5
vulnerability VCID-5gut-s9z6-u3gs
6
vulnerability VCID-6fwf-utem-8bgx
7
vulnerability VCID-82aq-wymj-ekby
8
vulnerability VCID-85r1-z7c6-6bcb
9
vulnerability VCID-8baa-m4rc-aqh5
10
vulnerability VCID-8fsf-kear-tyb2
11
vulnerability VCID-a6bx-hkuu-zkg4
12
vulnerability VCID-b7ak-4hjc-xuhh
13
vulnerability VCID-czza-hz45-5ka6
14
vulnerability VCID-ecc8-b6za-vqds
15
vulnerability VCID-epvz-duxp-tyf7
16
vulnerability VCID-f2m5-cwr1-ryc1
17
vulnerability VCID-feud-rr2t-tyfx
18
vulnerability VCID-mhqj-fy58-6fd6
19
vulnerability VCID-put6-zqp1-dkhj
20
vulnerability VCID-sa2j-p1w2-ebgj
21
vulnerability VCID-shne-12fw-xfbw
22
vulnerability VCID-thtq-yz7t-7kea
23
vulnerability VCID-tjyr-75f3-d7ff
24
vulnerability VCID-u1aa-s9ru-w3gf
25
vulnerability VCID-uuxm-2f48-3qa5
26
vulnerability VCID-vcjc-hgjb-dqhs
27
vulnerability VCID-vrhh-6fx6-zqbw
28
vulnerability VCID-wsdh-ap2m-5uat
29
vulnerability VCID-wwh9-7awg-h7g6
30
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2
aliases CVE-2025-3910, GHSA-5jfq-x6xp-7rw2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wrdw-sj1s-bqbd
34
url VCID-wsdh-ap2m-5uat
vulnerability_id VCID-wsdh-ap2m-5uat
summary A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This could lead to unauthorized access or account compromise.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4325.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4325.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4325
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.14669
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4325
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5
4
reference_url https://github.com/keycloak/keycloak/issues/47715
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47715
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4325
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4325
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
8
reference_url https://access.redhat.com/security/cve/CVE-2026-4325
reference_id CVE-2026-4325
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/
url https://access.redhat.com/security/cve/CVE-2026-4325
9
reference_url https://github.com/advisories/GHSA-rx66-hj7g-28h7
reference_id GHSA-rx66-hj7g-28h7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rx66-hj7g-28h7
10
reference_url https://access.redhat.com/errata/RHSA-2026:6475
reference_id RHSA-2026:6475
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/
url https://access.redhat.com/errata/RHSA-2026:6475
11
reference_url https://access.redhat.com/errata/RHSA-2026:6476
reference_id RHSA-2026:6476
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/
url https://access.redhat.com/errata/RHSA-2026:6476
12
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/
url https://access.redhat.com/errata/RHSA-2026:6477
13
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/
url https://access.redhat.com/errata/RHSA-2026:6478
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2448351
reference_id show_bug.cgi?id=2448351
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2448351
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-8fsf-kear-tyb2
2
vulnerability VCID-a6bx-hkuu-zkg4
3
vulnerability VCID-uuxm-2f48-3qa5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-4325, GHSA-rx66-hj7g-28h7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wsdh-ap2m-5uat
35
url VCID-wwh9-7awg-h7g6
vulnerability_id VCID-wwh9-7awg-h7g6
summary A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryError (OOM) and subsequent process termination. This vulnerability allows an attacker to disrupt the availability of the service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2575
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09211
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2575
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04
4
reference_url https://github.com/keycloak/keycloak/issues/46372
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46372
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2575
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2575
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
7
reference_url https://access.redhat.com/security/cve/CVE-2026-2575
reference_id CVE-2026-2575
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/
url https://access.redhat.com/security/cve/CVE-2026-2575
8
reference_url https://github.com/advisories/GHSA-xv6h-r36f-3gp5
reference_id GHSA-xv6h-r36f-3gp5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xv6h-r36f-3gp5
9
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id RHSA-2026:3947
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/
url https://access.redhat.com/errata/RHSA-2026:3947
10
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id RHSA-2026:3948
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/
url https://access.redhat.com/errata/RHSA-2026:3948
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440149
reference_id show_bug.cgi?id=2440149
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440149
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.4
purl pkg:maven/org.keycloak/keycloak-services@26.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4uf3-t2q9-5fcp
1
vulnerability VCID-4y2p-6e9v-ufh7
2
vulnerability VCID-5cfv-kzxe-3qg4
3
vulnerability VCID-5gut-s9z6-u3gs
4
vulnerability VCID-82aq-wymj-ekby
5
vulnerability VCID-8fsf-kear-tyb2
6
vulnerability VCID-a6bx-hkuu-zkg4
7
vulnerability VCID-czza-hz45-5ka6
8
vulnerability VCID-ecc8-b6za-vqds
9
vulnerability VCID-epvz-duxp-tyf7
10
vulnerability VCID-put6-zqp1-dkhj
11
vulnerability VCID-shne-12fw-xfbw
12
vulnerability VCID-thtq-yz7t-7kea
13
vulnerability VCID-tjyr-75f3-d7ff
14
vulnerability VCID-uuxm-2f48-3qa5
15
vulnerability VCID-vcjc-hgjb-dqhs
16
vulnerability VCID-wsdh-ap2m-5uat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4
aliases CVE-2026-2575, GHSA-xv6h-r36f-3gp5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wwh9-7awg-h7g6
36
url VCID-zjcz-6z84-6ub3
vulnerability_id VCID-zjcz-6z84-6ub3
summary A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1190
reference_id
reference_type
scores
0
value 0.00023
scoring_system epss
scoring_elements 0.06775
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1190
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/issues/45646
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/45646
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
8
reference_url https://access.redhat.com/security/cve/CVE-2026-1190
reference_id CVE-2026-1190
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/
url https://access.redhat.com/security/cve/CVE-2026-1190
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1190
reference_id CVE-2026-1190
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1190
10
reference_url https://github.com/advisories/GHSA-63v5-26vq-m4vm
reference_id GHSA-63v5-26vq-m4vm
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-63v5-26vq-m4vm
11
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id RHSA-2026:3947
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/
url https://access.redhat.com/errata/RHSA-2026:3947
12
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id RHSA-2026:3948
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/
url https://access.redhat.com/errata/RHSA-2026:3948
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2430835
reference_id show_bug.cgi?id=2430835
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2430835
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.3
purl pkg:maven/org.keycloak/keycloak-services@26.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b67-9tus-s7ds
1
vulnerability VCID-4uf3-t2q9-5fcp
2
vulnerability VCID-4y2p-6e9v-ufh7
3
vulnerability VCID-5cfv-kzxe-3qg4
4
vulnerability VCID-5gut-s9z6-u3gs
5
vulnerability VCID-82aq-wymj-ekby
6
vulnerability VCID-8fsf-kear-tyb2
7
vulnerability VCID-a6bx-hkuu-zkg4
8
vulnerability VCID-czza-hz45-5ka6
9
vulnerability VCID-ecc8-b6za-vqds
10
vulnerability VCID-epvz-duxp-tyf7
11
vulnerability VCID-put6-zqp1-dkhj
12
vulnerability VCID-shne-12fw-xfbw
13
vulnerability VCID-thtq-yz7t-7kea
14
vulnerability VCID-tjyr-75f3-d7ff
15
vulnerability VCID-uuxm-2f48-3qa5
16
vulnerability VCID-vcjc-hgjb-dqhs
17
vulnerability VCID-wsdh-ap2m-5uat
18
vulnerability VCID-wwh9-7awg-h7g6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.3
aliases CVE-2026-1190, GHSA-63v5-26vq-m4vm
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zjcz-6z84-6ub3
Fixing_vulnerabilities
0
url VCID-6t42-926q-3bhd
vulnerability_id VCID-6t42-926q-3bhd
summary A flaw was found in Keycloak. In Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As a result, one user may receive tokens that belong to another user.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12390.json
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12390.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-12390
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04481
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-12390
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/5344aada5ee06b02ec3a9e0f52fa381d085b6282
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/5344aada5ee06b02ec3a9e0f52fa381d085b6282
4
reference_url https://github.com/keycloak/keycloak/commit/b46fab230824a2304daafe74be019e8bd4ee590a
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/b46fab230824a2304daafe74be019e8bd4ee590a
5
reference_url https://github.com/keycloak/keycloak/commit/d82438a611f2f869f1966c13012953fe963a493d
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/d82438a611f2f869f1966c13012953fe963a493d
6
reference_url https://github.com/keycloak/keycloak/commit/ef75a4dc50aa9459777494e4b88655100bf2ac80
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/ef75a4dc50aa9459777494e4b88655100bf2ac80
7
reference_url https://github.com/keycloak/keycloak/discussions/31265
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/discussions/31265
8
reference_url https://github.com/keycloak/keycloak/issues/32197
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/32197
9
reference_url https://github.com/keycloak/keycloak/issues/43853
reference_id 43853
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/
url https://github.com/keycloak/keycloak/issues/43853
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
12
reference_url https://access.redhat.com/security/cve/CVE-2025-12390
reference_id CVE-2025-12390
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/
url https://access.redhat.com/security/cve/CVE-2025-12390
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-12390
reference_id CVE-2025-12390
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-12390
14
reference_url https://github.com/advisories/GHSA-rg35-5v25-mqvp
reference_id GHSA-rg35-5v25-mqvp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rg35-5v25-mqvp
15
reference_url https://access.redhat.com/errata/RHSA-2025:21370
reference_id RHSA-2025:21370
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/
url https://access.redhat.com/errata/RHSA-2025:21370
16
reference_url https://access.redhat.com/errata/RHSA-2025:21371
reference_id RHSA-2025:21371
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/
url https://access.redhat.com/errata/RHSA-2025:21371
17
reference_url https://access.redhat.com/errata/RHSA-2025:22088
reference_id RHSA-2025:22088
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/
url https://access.redhat.com/errata/RHSA-2025:22088
18
reference_url https://access.redhat.com/errata/RHSA-2025:22089
reference_id RHSA-2025:22089
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/
url https://access.redhat.com/errata/RHSA-2025:22089
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2406793
reference_id show_bug.cgi?id=2406793
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2406793
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.0.0
purl pkg:maven/org.keycloak/keycloak-services@26.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-39yc-g31q-u7gt
2
vulnerability VCID-42w4-65kp-f7dy
3
vulnerability VCID-4b67-9tus-s7ds
4
vulnerability VCID-4uf3-t2q9-5fcp
5
vulnerability VCID-4y2p-6e9v-ufh7
6
vulnerability VCID-5cfv-kzxe-3qg4
7
vulnerability VCID-5gut-s9z6-u3gs
8
vulnerability VCID-6fwf-utem-8bgx
9
vulnerability VCID-6j4h-u22h-cubz
10
vulnerability VCID-82aq-wymj-ekby
11
vulnerability VCID-85r1-z7c6-6bcb
12
vulnerability VCID-8baa-m4rc-aqh5
13
vulnerability VCID-8fsf-kear-tyb2
14
vulnerability VCID-a6bx-hkuu-zkg4
15
vulnerability VCID-b7ak-4hjc-xuhh
16
vulnerability VCID-czza-hz45-5ka6
17
vulnerability VCID-ecc8-b6za-vqds
18
vulnerability VCID-epvz-duxp-tyf7
19
vulnerability VCID-f2m5-cwr1-ryc1
20
vulnerability VCID-feud-rr2t-tyfx
21
vulnerability VCID-mhqj-fy58-6fd6
22
vulnerability VCID-put6-zqp1-dkhj
23
vulnerability VCID-shne-12fw-xfbw
24
vulnerability VCID-tazu-5mqv-vfaq
25
vulnerability VCID-thtq-yz7t-7kea
26
vulnerability VCID-tjyr-75f3-d7ff
27
vulnerability VCID-u1aa-s9ru-w3gf
28
vulnerability VCID-u2cc-wm39-4qax
29
vulnerability VCID-ugt9-3hnt-jkea
30
vulnerability VCID-uuxm-2f48-3qa5
31
vulnerability VCID-vcjc-hgjb-dqhs
32
vulnerability VCID-vrhh-6fx6-zqbw
33
vulnerability VCID-wrdw-sj1s-bqbd
34
vulnerability VCID-wsdh-ap2m-5uat
35
vulnerability VCID-wwh9-7awg-h7g6
36
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.0
aliases CVE-2025-12390, GHSA-rg35-5v25-mqvp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6t42-926q-3bhd
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.0