{"url":"http://public2.vulnerablecode.io/api/packages/70545?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.0","type":"maven","namespace":"org.keycloak","name":"keycloak-services","version":"26.3.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"26.6.3","latest_non_vulnerable_version":"26.6.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63842?format=json","vulnerability_id":"VCID-12yb-w8kt-jyg3","summary":"keycloak: Keycloak: Denial of Service via excessive processing of OpenID Connect scope parameters","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4634.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4634.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4634","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4634"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4634","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07056","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.07061","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4634"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/b455ee4f28abb6f2120aff72fd179589cc5267a0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/b455ee4f28abb6f2120aff72fd179589cc5267a0"},{"reference_url":"https://github.com/keycloak/keycloak/issues/47716","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/47716"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4634","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4634"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450250","reference_id":"2450250","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450250"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-h4wv-g838-66g3","reference_id":"GHSA-h4wv-g838-66g3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h4wv-g838-66g3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6475","reference_id":"RHSA-2026:6475","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6476","reference_id":"RHSA-2026:6476","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6476"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110369?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-xqks-vfap-aqb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7"}],"aliases":["CVE-2026-4634","GHSA-h4wv-g838-66g3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-12yb-w8kt-jyg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50443?format=json","vulnerability_id":"VCID-1fwh-a287-5qgt","summary":"Keycloak REST Services has a WebAuthn Attestation Statement Verification Bypass\nA flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: \"none\", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21370","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21371","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22088","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:22088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22089","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:22089"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12150","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02673","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02665","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12150"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406192","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406192"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339"},{"reference_url":"https://github.com/keycloak/keycloak/issues/35110","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/35110"},{"reference_url":"https://github.com/keycloak/keycloak/issues/43723","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://github.com/keycloak/keycloak/issues/43723"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-12150","reference_id":"CVE-2025-12150","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-12150"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12150","reference_id":"CVE-2025-12150","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12150"},{"reference_url":"https://github.com/advisories/GHSA-7g5x-9c4v-4w5r","reference_id":"GHSA-7g5x-9c4v-4w5r","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7g5x-9c4v-4w5r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74340?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.4"}],"aliases":["CVE-2025-12150","GHSA-7g5x-9c4v-4w5r"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1fwh-a287-5qgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63838?format=json","vulnerability_id":"VCID-7uk5-w4qh-8uhq","summary":"keycloak: Keycloak: Information disclosure due to redirect_uri validation bypass","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3872.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3872.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3872","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3872"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3872","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01743","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01749","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3872"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/35a71b00bc856ac402711130f60190d3a24795e7","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/35a71b00bc856ac402711130f60190d3a24795e7"},{"reference_url":"https://github.com/keycloak/keycloak/issues/47718","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/47718"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3872","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3872"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445988","reference_id":"2445988","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445988"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-cjm2-j6cm-6p6m","reference_id":"GHSA-cjm2-j6cm-6p6m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cjm2-j6cm-6p6m"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6475","reference_id":"RHSA-2026:6475","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6476","reference_id":"RHSA-2026:6476","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6476"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110369?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-xqks-vfap-aqb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7"}],"aliases":["CVE-2026-3872","GHSA-cjm2-j6cm-6p6m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7uk5-w4qh-8uhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50263?format=json","vulnerability_id":"VCID-bebk-k27t-4qgf","summary":"Keycloak: Missing Check on Disabled Client for Docker Registry Protocol\nA flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously valid credentials can still be used to obtain authentication tokens. This weakens administrative controls and could allow unintended access to container registry resources.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2733","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10023","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10007","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2733"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440895","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440895"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46462","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46462"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-2733","reference_id":"CVE-2026-2733","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-2733"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2733","reference_id":"CVE-2026-2733","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2733"},{"reference_url":"https://github.com/advisories/GHSA-fjf4-6f34-w64q","reference_id":"GHSA-fjf4-6f34-w64q","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fjf4-6f34-w64q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112932?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4"}],"aliases":["CVE-2026-2733","GHSA-fjf4-6f34-w64q"],"risk_score":1.7,"exploitability":"0.5","weighted_severity":"3.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bebk-k27t-4qgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50082?format=json","vulnerability_id":"VCID-bw6h-4h9x-rbab","summary":"Keycloak Affected by Broken Access Control Vulnerability in the UserManagedPermissionService\nA flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService (UMA Protection API). When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller's ownership against the first resource in the policy's list. This allows a user (Owner A) who owns one resource (RA) to update a shared policy and modify authorization rules for other resources (e.g., RB) in that same policy, even if those other resources are owned by a different user (Owner B). This constitutes a horizontal privilege escalation.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2363","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T19:51:45Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:2363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2364","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T19:51:45Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:2364"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2365","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T19:51:45Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:2365"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2366","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T19:51:45Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:2366"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14778.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14778.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14778","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01754","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01747","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14778"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2422600","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T19:51:45Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2422600"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46147","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46147"},{"reference_url":"https://github.com/keycloak/keycloak/pull/46154","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/46154"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-14778","reference_id":"CVE-2025-14778","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T19:51:45Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-14778"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14778","reference_id":"CVE-2025-14778","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14778"},{"reference_url":"https://github.com/advisories/GHSA-fm6w-rrp3-2x4w","reference_id":"GHSA-fm6w-rrp3-2x4w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fm6w-rrp3-2x4w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73557?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.4.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/73948?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.3"}],"aliases":["CVE-2025-14778","GHSA-fm6w-rrp3-2x4w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bw6h-4h9x-rbab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50069?format=json","vulnerability_id":"VCID-c58s-s3rb-27fw","summary":"Keycloak affected by improper invitation token validation\nA flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token (JWT) payload. This lack of cryptographic signature verification allows the attacker to successfully self-register into an unauthorized organization, leading to unauthorized access.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2363","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T20:51:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:2363"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2364","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T20:51:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:2364"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2365","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T20:51:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:2365"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2366","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T20:51:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:2366"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1529.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1529.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1529","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01992","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.01984","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1529"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433783","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T20:51:02Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433783"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/82cd7941d1dd28fa14a67a6e6b912301f1a5e1a1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/82cd7941d1dd28fa14a67a6e6b912301f1a5e1a1"},{"reference_url":"https://github.com/keycloak/keycloak/commit/8fc9a98026106a326f4faa98d4c9a48341ace2d7","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/8fc9a98026106a326f4faa98d4c9a48341ace2d7"},{"reference_url":"https://github.com/keycloak/keycloak/commit/b2519756487b519f95c07aa8b10afe003e492119","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/b2519756487b519f95c07aa8b10afe003e492119"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46145","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46145"},{"reference_url":"https://github.com/keycloak/keycloak/pull/46155","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/46155"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-1529","reference_id":"CVE-2026-1529","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T20:51:02Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-1529"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1529","reference_id":"CVE-2026-1529","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1529"},{"reference_url":"https://github.com/advisories/GHSA-hcvw-475w-8g7p","reference_id":"GHSA-hcvw-475w-8g7p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hcvw-475w-8g7p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73557?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.4.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.9"},{"url":"http://public2.vulnerablecode.io/api/packages/73948?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.3"}],"aliases":["CVE-2026-1529","GHSA-hcvw-475w-8g7p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c58s-s3rb-27fw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57678?format=json","vulnerability_id":"VCID-dgdk-ahqm-9ken","summary":"Duplicate Advisory: Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-27gp-8389-hm4w. This link is maintained to preserve external references.\n\n### Original Description\nA flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12015","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:12015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12016","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:12016"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2381861","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2381861"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/41137","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/41137"},{"reference_url":"https://github.com/keycloak/keycloak/pull/41168","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/41168"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-7784","reference_id":"CVE-2025-7784","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2025-7784"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7784","reference_id":"CVE-2025-7784","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7784"},{"reference_url":"https://github.com/advisories/GHSA-83j7-mhw9-388w","reference_id":"GHSA-83j7-mhw9-388w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-83j7-mhw9-388w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85981?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.2"}],"aliases":["GHSA-83j7-mhw9-388w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dgdk-ahqm-9ken"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64298?format=json","vulnerability_id":"VCID-exeg-acrj-zkah","summary":"org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: Keycloak: Server-Side Request Forgery via OIDC token endpoint manipulation","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4874.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4874.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4874","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4874"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4874","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01265","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4874"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4874","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4874"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451611","reference_id":"2451611","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451611"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-22rm-wp4x-v5cx","reference_id":"GHSA-22rm-wp4x-v5cx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-22rm-wp4x-v5cx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/992314?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sxtm-krnm-kff7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.1"}],"aliases":["CVE-2026-4874","GHSA-22rm-wp4x-v5cx"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-exeg-acrj-zkah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50877?format=json","vulnerability_id":"VCID-gv5e-6w51-uydc","summary":"Keycloak: Improper Access Control Leading to MFA Deletion and Account Takeover in Keycloak Account REST API\nA flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered MFA/OTP credential without first proving possession of that factor. The attacker can then register their own MFA device, effectively taking full control of the account. This weakness undermines the intended protection provided by multi-factor authentication.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3429","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04231","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04232","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3429"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2443771","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2443771"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178"},{"reference_url":"https://github.com/keycloak/keycloak/issues/47069","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/47069"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3429","reference_id":"CVE-2026-3429","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3429"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3429","reference_id":"CVE-2026-3429","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3429"},{"reference_url":"https://github.com/advisories/GHSA-8g9r-9wjw-37j4","reference_id":"GHSA-8g9r-9wjw-37j4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8g9r-9wjw-37j4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110369?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-xqks-vfap-aqb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7"}],"aliases":["CVE-2026-3429","GHSA-8g9r-9wjw-37j4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gv5e-6w51-uydc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63606?format=json","vulnerability_id":"VCID-gyv4-k3na-eyhu","summary":"keycloak: org.keycloak.protocol.oidc.grants.ciba: Keycloak: Information disclosure via CORS header injection due to unvalidated JWT azp claim","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37977.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37977.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-37977","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-37977"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-37977","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00893","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-37977"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-37977","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-37977"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455324","reference_id":"2455324","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455324"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://github.com/advisories/GHSA-5v8v-xvjv-57x7","reference_id":"GHSA-5v8v-xvjv-57x7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5v8v-xvjv-57x7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112858?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-xqks-vfap-aqb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.0"}],"aliases":["CVE-2026-37977","GHSA-5v8v-xvjv-57x7"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gyv4-k3na-eyhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63840?format=json","vulnerability_id":"VCID-j8hz-kys5-z3dr","summary":"keycloak: Keycloak: Replay of action tokens via improper handling of single-use entries","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4325.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4325.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4325","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4325"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4325","reference_id":"","reference_type":"","scores":[{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12423","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0004","scoring_system":"epss","scoring_elements":"0.12424","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4325"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5"},{"reference_url":"https://github.com/keycloak/keycloak/issues/47715","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/47715"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4325","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4325"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448351","reference_id":"2448351","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448351"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-rx66-hj7g-28h7","reference_id":"GHSA-rx66-hj7g-28h7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rx66-hj7g-28h7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6475","reference_id":"RHSA-2026:6475","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6476","reference_id":"RHSA-2026:6476","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6476"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110369?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-xqks-vfap-aqb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7"}],"aliases":["CVE-2026-4325","GHSA-rx66-hj7g-28h7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j8hz-kys5-z3dr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47796?format=json","vulnerability_id":"VCID-jpky-uz5r-gbc8","summary":"Keycloak SMTP Inject Vulnerability\nSpecial characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15336","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15337","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15338","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15339","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15339"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8419","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28696","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28655","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8419"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2385776","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2385776"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0","reference_id":"cpe:/a:redhat:build_keycloak:26.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2","reference_id":"cpe:/a:redhat:build_keycloak:26.2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-8419","reference_id":"CVE-2025-8419","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-8419"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8419","reference_id":"CVE-2025-8419","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8419"},{"reference_url":"https://github.com/advisories/GHSA-m4j5-5x4r-2xp9","reference_id":"GHSA-m4j5-5x4r-2xp9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m4j5-5x4r-2xp9"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9","reference_id":"GHSA-m4j5-5x4r-2xp9","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70547?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3"}],"aliases":["CVE-2025-8419","GHSA-m4j5-5x4r-2xp9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jpky-uz5r-gbc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50832?format=json","vulnerability_id":"VCID-jq8s-nkj4-j7h7","summary":"Keycloak: Information disclosure of disabled user attributes via administrative endpoint\nA flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3911","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02036","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02028","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3911"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446392","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446392"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46922","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46922"},{"reference_url":"https://github.com/keycloak/keycloak/pull/46923","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/46923"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3911","reference_id":"CVE-2026-3911","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3911"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3911","reference_id":"CVE-2026-3911","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3911"},{"reference_url":"https://github.com/advisories/GHSA-xh32-c9wx-phrp","reference_id":"GHSA-xh32-c9wx-phrp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xh32-c9wx-phrp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74838?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6"}],"aliases":["CVE-2026-3911","GHSA-xh32-c9wx-phrp"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jq8s-nkj4-j7h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50704?format=json","vulnerability_id":"VCID-kmna-8rms-2bez","summary":"Keycloak allows authentication using an Identity Provider (IdP) even after it has been disabled by an administrator\nA security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3009","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11452","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11455","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3009"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441867","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441867"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46911","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46911"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/26.5.5","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/26.5.5"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3009","reference_id":"CVE-2026-3009","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3009"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3009","reference_id":"CVE-2026-3009","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3009"},{"reference_url":"https://github.com/advisories/GHSA-m297-3jv9-m927","reference_id":"GHSA-m297-3jv9-m927","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m297-3jv9-m927"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74475?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5"}],"aliases":["CVE-2026-3009","GHSA-m297-3jv9-m927"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kmna-8rms-2bez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48113?format=json","vulnerability_id":"VCID-pgjk-vhx6-yqbt","summary":"Keycloak does not invalidate sessions when \"Remember Me\" is disabled\nA flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the \"Remember Me\" realm setting on existing user sessions. Sessions created while \"Remember Me\" was active retain their extended session lifetime until they expire, overriding the administrator's recent security configuration change. This is a logic flaw in session management increases the potential window for successful session hijacking or unauthorized long-term access persistence. The flaw lies in the session expiration logic relying on the session-local \"remember-me\" flag without validating the current realm-level configuration.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22088","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:31:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:22088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22089","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:31:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:22089"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11429.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11429.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11429","reference_id":"","reference_type":"","scores":[{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31437","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31472","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11429"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402148","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:31:09Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402148"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/a34094100716b7c69ae38eaed6678ab4344d0a1d","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:31:09Z/"}],"url":"https://github.com/keycloak/keycloak/commit/a34094100716b7c69ae38eaed6678ab4344d0a1d"},{"reference_url":"https://github.com/keycloak/keycloak/commit/a752492843e21c3ab06090616692e53001864158","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/a752492843e21c3ab06090616692e53001864158"},{"reference_url":"https://github.com/keycloak/keycloak/commit/bda0e2a67c8cf41d1b3d9010e6dfcddaf79bf59b","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:31:09Z/"}],"url":"https://github.com/keycloak/keycloak/commit/bda0e2a67c8cf41d1b3d9010e6dfcddaf79bf59b"},{"reference_url":"https://github.com/keycloak/keycloak/issues/43328","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:31:09Z/"}],"url":"https://github.com/keycloak/keycloak/issues/43328"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-11429","reference_id":"CVE-2025-11429","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:31:09Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-11429"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11429","reference_id":"CVE-2025-11429","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11429"},{"reference_url":"https://github.com/advisories/GHSA-64w3-5q9m-68xf","reference_id":"GHSA-64w3-5q9m-68xf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-64w3-5q9m-68xf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71060?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.1"}],"aliases":["CVE-2025-11429","GHSA-64w3-5q9m-68xf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pgjk-vhx6-yqbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65968?format=json","vulnerability_id":"VCID-pq67-ngsq-cbe4","summary":"keycloak: Keycloak: Information Disclosure via improper role enforcement in UMA 2.0 Protection API","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3190","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3190"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3190","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02148","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02142","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3190"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46723","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46723"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3190","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3190"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442572","reference_id":"2442572","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442572"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://github.com/advisories/GHSA-q35r-vvhv-vx5h","reference_id":"GHSA-q35r-vvhv-vx5h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q35r-vvhv-vx5h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74838?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6"}],"aliases":["CVE-2026-3190","GHSA-q35r-vvhv-vx5h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pq67-ngsq-cbe4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49846?format=json","vulnerability_id":"VCID-s9bw-xmnt-xqbp","summary":"Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods\nA flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1190","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06785","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06789","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1190"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430835","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430835"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/45646","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/45646"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-1190","reference_id":"CVE-2026-1190","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-1190"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1190","reference_id":"CVE-2026-1190","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1190"},{"reference_url":"https://github.com/advisories/GHSA-63v5-26vq-m4vm","reference_id":"GHSA-63v5-26vq-m4vm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-63v5-26vq-m4vm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73948?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.3"}],"aliases":["CVE-2026-1190","GHSA-63v5-26vq-m4vm"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s9bw-xmnt-xqbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65750?format=json","vulnerability_id":"VCID-shsh-c1xa-xbes","summary":"keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3925","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3926","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2092.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2092.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-2092","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-2092"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2092","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28169","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2822","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2092"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2092","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2092"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437296","reference_id":"2437296","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437296"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-wmxr-6j5f-838p","reference_id":"GHSA-wmxr-6j5f-838p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wmxr-6j5f-838p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113550?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.4.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.10"},{"url":"http://public2.vulnerablecode.io/api/packages/74475?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5"}],"aliases":["CVE-2026-2092","GHSA-wmxr-6j5f-838p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-shsh-c1xa-xbes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61660?format=json","vulnerability_id":"VCID-sxtm-krnm-kff7","summary":"org.keycloak.keycloak-services: Improper Access Control on Keycloak Server when the account Account API feature is disabled","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7500.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7500.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-7500","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-7500"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7500","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0892","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08904","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7500"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/48709","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/48709"},{"reference_url":"https://github.com/keycloak/keycloak/pull/48715","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/48715"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7500","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7500"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464126","reference_id":"2464126","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464126"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://github.com/advisories/GHSA-hm32-hfmw-rhvg","reference_id":"GHSA-hm32-hfmw-rhvg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hm32-hfmw-rhvg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/116958?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b7fx-dbch-e7fa"},{"vulnerability":"VCID-qqn6-4z7u-4uas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.2"}],"aliases":["CVE-2026-7500","GHSA-hm32-hfmw-rhvg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sxtm-krnm-kff7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66664?format=json","vulnerability_id":"VCID-tvba-94zp-t3hc","summary":"keycloak: org.keycloak/keycloak-services: Keycloak: Privilege escalation via manage-clients permission","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3121.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3121.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3121","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3121"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3121","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01932","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01926","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3121"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/79ab3110a257fb8d6f1a664c916687128094ed01","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/79ab3110a257fb8d6f1a664c916687128094ed01"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46719","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46719"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3121","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3121"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442277","reference_id":"2442277","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442277"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-7xf9-4jfc-wgm4","reference_id":"GHSA-7xf9-4jfc-wgm4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7xf9-4jfc-wgm4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74838?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6"}],"aliases":["CVE-2026-3121","GHSA-7xf9-4jfc-wgm4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tvba-94zp-t3hc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66856?format=json","vulnerability_id":"VCID-u2fq-9cjc-1kf6","summary":"keycloak: Keycloak: Denial of Service due to excessive SAMLRequest decompression","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-2575","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-2575"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2575","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09177","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09159","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2575"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46372","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46372"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2575","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2575"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440149","reference_id":"2440149","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440149"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-xv6h-r36f-3gp5","reference_id":"GHSA-xv6h-r36f-3gp5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xv6h-r36f-3gp5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/112932?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4"}],"aliases":["CVE-2026-2575","GHSA-xv6h-r36f-3gp5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u2fq-9cjc-1kf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65751?format=json","vulnerability_id":"VCID-uxs4-bydz-tbh4","summary":"keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity Provider","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3925","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3926","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-2603","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-2603"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2603","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45459","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2603"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a"},{"reference_url":"https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132"},{"reference_url":"https://github.com/keycloak/keycloak/commits/26.5.5","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commits/26.5.5"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46911","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46911"},{"reference_url":"https://github.com/keycloak/keycloak/pull/46932","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/46932"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2603","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2603"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440300","reference_id":"2440300","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440300"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-x4p7-7chp-64hq","reference_id":"GHSA-x4p7-7chp-64hq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x4p7-7chp-64hq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74475?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5"}],"aliases":["CVE-2026-2603","GHSA-x4p7-7chp-64hq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uxs4-bydz-tbh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63839?format=json","vulnerability_id":"VCID-v69z-xrfn-q3gu","summary":"keycloak: Keycloak: Privilege escalation via forged authorization codes due to SingleUseObjectProvider isolation flaw","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4282.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4282.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4282","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4282"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4282","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05644","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0563","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4282"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5"},{"reference_url":"https://github.com/keycloak/keycloak/issues/47719","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/47719"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4282","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4282"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448061","reference_id":"2448061","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448061"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-hj93-h7pg-fh6v","reference_id":"GHSA-hj93-h7pg-fh6v","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hj93-h7pg-fh6v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6475","reference_id":"RHSA-2026:6475","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6476","reference_id":"RHSA-2026:6476","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6476"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110369?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-xqks-vfap-aqb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7"}],"aliases":["CVE-2026-4282","GHSA-hj93-h7pg-fh6v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v69z-xrfn-q3gu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49398?format=json","vulnerability_id":"VCID-vdjk-2v9a-xfdk","summary":"Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions\nA flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14082","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01625","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01632","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14082"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419078","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419078"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-14082","reference_id":"CVE-2025-14082","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-14082"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14082","reference_id":"CVE-2025-14082","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14082"},{"reference_url":"https://github.com/advisories/GHSA-6q37-7866-h27j","reference_id":"GHSA-6q37-7866-h27j","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6q37-7866-h27j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/72880?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-58n2-w8fu-u3hc"},{"vulnerability":"VCID-7fd4-t5k9-mfc7"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bw6h-4h9x-rbab"},{"vulnerability":"VCID-c58s-s3rb-27fw"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"},{"vulnerability":"VCID-zr12-p5eq-wubj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.0"}],"aliases":["CVE-2025-14082","GHSA-6q37-7866-h27j"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vdjk-2v9a-xfdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63604?format=json","vulnerability_id":"VCID-vums-fzus-q7dn","summary":"org.keycloak.forms.login: keycloak: Keycloak: Arbitrary code execution via Stored Cross-Site Scripting (XSS) in organization selection login page","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37980.json","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37980.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-37980","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:42:46Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-37980"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-37980","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15711","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.1572","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-37980"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/48049","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/48049"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-37980","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-37980"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455325","reference_id":"2455325","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:42:46Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455325"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://github.com/advisories/GHSA-m32f-8vh9-2hh3","reference_id":"GHSA-m32f-8vh9-2hh3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m32f-8vh9-2hh3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74838?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6"}],"aliases":["CVE-2026-37980","GHSA-m32f-8vh9-2hh3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vums-fzus-q7dn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57788?format=json","vulnerability_id":"VCID-xbmd-afn2-kfem","summary":"Duplicate Advisory: Keycloak-services SMTP Inject Vulnerability\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references.\n\n### Original Description\nA vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15336","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:15336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15337","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:15337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15338","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:15338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15339","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:15339"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2385776","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2385776"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-8419","reference_id":"CVE-2025-8419","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2025-8419"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8419","reference_id":"CVE-2025-8419","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8419"},{"reference_url":"https://github.com/advisories/GHSA-qj5r-2r5p-phc7","reference_id":"GHSA-qj5r-2r5p-phc7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qj5r-2r5p-phc7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70547?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3"}],"aliases":["GHSA-qj5r-2r5p-phc7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xbmd-afn2-kfem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64745?format=json","vulnerability_id":"VCID-xqks-vfap-aqb5","summary":"keycloak: org.keycloak.authorization: Keycloak: Unauthorized resource modification due to improper access control","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4628.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4628.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4628","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:02:51Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4628"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4628","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01518","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.0151","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4628"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4628","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4628"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450240","reference_id":"2450240","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:02:51Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450240"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://github.com/advisories/GHSA-4pgc-gfrr-wcmg","reference_id":"GHSA-4pgc-gfrr-wcmg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4pgc-gfrr-wcmg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/992314?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sxtm-krnm-kff7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.1"}],"aliases":["CVE-2026-4628","GHSA-4pgc-gfrr-wcmg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xqks-vfap-aqb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63843?format=json","vulnerability_id":"VCID-xymt-c6mk-73ff","summary":"keycloak: Keycloak: UMA policy bypass allows authenticated users to gain unauthorized access to victim-owned resources.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4636.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4636.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4636","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4636"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4636","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02174","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02167","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4636"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/995832f8b74b02833d106c8788bb7a78634aa725","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/995832f8b74b02833d106c8788bb7a78634aa725"},{"reference_url":"https://github.com/keycloak/keycloak/issues/47717","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/47717"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4636","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4636"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450251","reference_id":"2450251","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450251"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://github.com/advisories/GHSA-f2hx-5fx3-hmcv","reference_id":"GHSA-f2hx-5fx3-hmcv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f2hx-5fx3-hmcv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6475","reference_id":"RHSA-2026:6475","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6476","reference_id":"RHSA-2026:6476","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6476"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110369?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-xqks-vfap-aqb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7"}],"aliases":["CVE-2026-4636","GHSA-f2hx-5fx3-hmcv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xymt-c6mk-73ff"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57630?format=json","vulnerability_id":"VCID-1u7p-4qg4-yqbv","summary":"Duplicate Advisory: Keycloak phishing attack via email verification step in first login flow\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-xhpr-465j-7p9q. This link is maintained to preserve external references.\n\n### Original Description\nA flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to \"review profile\" information. This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim's account.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11986","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:11986"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11987","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:11987"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12015","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:12015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12016","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2025:12016"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2378852","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2378852"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/40446","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/40446"},{"reference_url":"https://github.com/keycloak/keycloak/pull/40520","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/40520"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/26.3.0","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/26.3.0"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-7365","reference_id":"CVE-2025-7365","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2025-7365"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7365","reference_id":"CVE-2025-7365","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7365"},{"reference_url":"https://github.com/advisories/GHSA-gj52-35xm-gxjh","reference_id":"GHSA-gj52-35xm-gxjh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-gj52-35xm-gxjh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70545?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bw6h-4h9x-rbab"},{"vulnerability":"VCID-c58s-s3rb-27fw"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pgjk-vhx6-yqbt"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0"}],"aliases":["GHSA-gj52-35xm-gxjh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1u7p-4qg4-yqbv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49799?format=json","vulnerability_id":"VCID-dckx-y9zp-d7fy","summary":"Keycloak Admin REST API exposes backend schema and rules\nA flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14083","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01033","published_at":"2026-06-05T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01034","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14083"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419086","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419086"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/45493","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/45493"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-14083","reference_id":"CVE-2025-14083","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-14083"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14083","reference_id":"CVE-2025-14083","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14083"},{"reference_url":"https://github.com/advisories/GHSA-594w-2fwp-jwrc","reference_id":"GHSA-594w-2fwp-jwrc","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-594w-2fwp-jwrc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70545?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bw6h-4h9x-rbab"},{"vulnerability":"VCID-c58s-s3rb-27fw"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pgjk-vhx6-yqbt"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0"}],"aliases":["CVE-2025-14083","GHSA-594w-2fwp-jwrc"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dckx-y9zp-d7fy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49797?format=json","vulnerability_id":"VCID-fkdm-gq5h-rbg7","summary":"Keycloak does not validate and update refresh token usage atomically\nA flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. This allows concurrent refresh requests to bypass single-use enforcement and issue multiple access tokens from the same refresh token. As a result, Keycloak’s refresh token rotation hardening can be undermined.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1035","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01688","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01694","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1035"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430314","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430314"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/45647","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/45647"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-1035","reference_id":"CVE-2026-1035","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-1035"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1035","reference_id":"CVE-2026-1035","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1035"},{"reference_url":"https://github.com/advisories/GHSA-m2w5-7xhv-w6fh","reference_id":"GHSA-m2w5-7xhv-w6fh","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m2w5-7xhv-w6fh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70545?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bw6h-4h9x-rbab"},{"vulnerability":"VCID-c58s-s3rb-27fw"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pgjk-vhx6-yqbt"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0"}],"aliases":["CVE-2026-1035","GHSA-m2w5-7xhv-w6fh"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fkdm-gq5h-rbg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57740?format=json","vulnerability_id":"VCID-mzdb-4zsz-qqhn","summary":"Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)\nA Privilege Escalation vulnerability was identified in the Keycloak identity and access management solution, specifically when FGAPv2 is enabled in version 26.2.x. The flaw lies in the admin permission enforcement logic, where a user with manage-users privileges can self-assign realm-admin rights. The escalation occurs due to missing privilege boundary checks in role mapping operations via the admin REST interface. A malicious administrator with limited permissions can exploit this by editing their own user roles, gaining unauthorized full access to realm configuration and user data.\n\nThis issue has been fixed in versions 26.2.6, and 26.3.0.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12015","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-18T14:46:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12016","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-18T14:46:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12016"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7784.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7784.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7784","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25515","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25502","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7784"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2381861","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-18T14:46:09Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2381861"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/41137","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/41137"},{"reference_url":"https://github.com/keycloak/keycloak/pull/41168","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/41168"},{"reference_url":"https://github.com/keycloak/keycloak/issues/39956","reference_id":"39956","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-18T14:46:09Z/"}],"url":"https://github.com/keycloak/keycloak/issues/39956"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-7784","reference_id":"CVE-2025-7784","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-18T14:46:09Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-7784"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7784","reference_id":"CVE-2025-7784","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7784"},{"reference_url":"https://github.com/advisories/GHSA-27gp-8389-hm4w","reference_id":"GHSA-27gp-8389-hm4w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-27gp-8389-hm4w"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-27gp-8389-hm4w","reference_id":"GHSA-27gp-8389-hm4w","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-27gp-8389-hm4w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85928?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/70545?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bw6h-4h9x-rbab"},{"vulnerability":"VCID-c58s-s3rb-27fw"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pgjk-vhx6-yqbt"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0"}],"aliases":["CVE-2025-7784","GHSA-27gp-8389-hm4w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mzdb-4zsz-qqhn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57741?format=json","vulnerability_id":"VCID-tv3h-kxj7-u7ct","summary":"Keycloak phishing attack via email verification step in first login flow\nThere is a flaw with the first login flow where, during a IdP login, an attacker with a registered account can initiate the process to merge accounts with an existing victim's account. The attacker will subsequently be prompted to \"review profile\" information, which allows the the attacker to modify their email address to that of a victim's account. This triggers a verification email sent to the victim's email address. If the victim clicks the verification link, the attacker can gain access to the victim's account. While not a zero-interaction attack, the attacker's email address is not directly present in the verification email content, making it a potential phishing opportunity.\n\nThis issue has been fixed in versions 26.0.13, 26.2.6, and 26.3.0.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11986","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:11986"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11987","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:11987"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12015","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12016","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12016"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7365","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13683","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13678","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7365"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2378852","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2378852"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/40446","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://github.com/keycloak/keycloak/issues/40446"},{"reference_url":"https://github.com/keycloak/keycloak/pull/40520","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://github.com/keycloak/keycloak/pull/40520"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/26.0.13","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/26.0.13"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/26.2.6","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/26.2.6"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/26.3.0","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/26.3.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-7365","reference_id":"CVE-2025-7365","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-7365"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7365","reference_id":"CVE-2025-7365","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7365"},{"reference_url":"https://github.com/advisories/GHSA-xhpr-465j-7p9q","reference_id":"GHSA-xhpr-465j-7p9q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xhpr-465j-7p9q"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q","reference_id":"GHSA-xhpr-465j-7p9q","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/85929?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.0.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/803817?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-1u7p-4qg4-yqbv"},{"vulnerability":"VCID-3adr-h63v-c3eg"},{"vulnerability":"VCID-6dya-2u73-vbee"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-dckx-y9zp-d7fy"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-dwgd-79t9-d7a1"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-fkdm-gq5h-rbg7"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jhzk-d1en-gkhj"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-pr4d-pmh8-yfeh"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xk8n-4az9-zfh3"},{"vulnerability":"VCID-xmxb-sg5r-ufbt"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/85928?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/70545?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12yb-w8kt-jyg3"},{"vulnerability":"VCID-1fwh-a287-5qgt"},{"vulnerability":"VCID-7uk5-w4qh-8uhq"},{"vulnerability":"VCID-bebk-k27t-4qgf"},{"vulnerability":"VCID-bw6h-4h9x-rbab"},{"vulnerability":"VCID-c58s-s3rb-27fw"},{"vulnerability":"VCID-dgdk-ahqm-9ken"},{"vulnerability":"VCID-exeg-acrj-zkah"},{"vulnerability":"VCID-gv5e-6w51-uydc"},{"vulnerability":"VCID-gyv4-k3na-eyhu"},{"vulnerability":"VCID-j8hz-kys5-z3dr"},{"vulnerability":"VCID-jpky-uz5r-gbc8"},{"vulnerability":"VCID-jq8s-nkj4-j7h7"},{"vulnerability":"VCID-kmna-8rms-2bez"},{"vulnerability":"VCID-pgjk-vhx6-yqbt"},{"vulnerability":"VCID-pq67-ngsq-cbe4"},{"vulnerability":"VCID-s9bw-xmnt-xqbp"},{"vulnerability":"VCID-shsh-c1xa-xbes"},{"vulnerability":"VCID-sxtm-krnm-kff7"},{"vulnerability":"VCID-tvba-94zp-t3hc"},{"vulnerability":"VCID-u2fq-9cjc-1kf6"},{"vulnerability":"VCID-uxs4-bydz-tbh4"},{"vulnerability":"VCID-v69z-xrfn-q3gu"},{"vulnerability":"VCID-vdjk-2v9a-xfdk"},{"vulnerability":"VCID-vums-fzus-q7dn"},{"vulnerability":"VCID-xbmd-afn2-kfem"},{"vulnerability":"VCID-xqks-vfap-aqb5"},{"vulnerability":"VCID-xymt-c6mk-73ff"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0"}],"aliases":["CVE-2025-7365","GHSA-xhpr-465j-7p9q"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tv3h-kxj7-u7ct"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0"}