{"url":"http://public2.vulnerablecode.io/api/packages/710474?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.2","type":"maven","namespace":"org.keycloak","name":"keycloak-services","version":"24.0.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"26.6.3","latest_non_vulnerable_version":"26.6.3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92535?format=json","vulnerability_id":"VCID-1j4m-w46h-zkhq","summary":"A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very short emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated 
attacks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8419","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28832","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28619","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28819","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28843","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8419"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8419","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8419"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0","reference_id":"cpe:/a:redhat:build_keycloak:26.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2","reference_id":"cpe:/a:redhat:build_keycloak:26.2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-8419","reference_id":"CVE-2025-8419","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/
M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-8419"},{"reference_url":"https://github.com/advisories/GHSA-m4j5-5x4r-2xp9","reference_id":"GHSA-m4j5-5x4r-2xp9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m4j5-5x4r-2xp9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15336","reference_id":"RHSA-2025:15336","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15337","reference_id":"RHSA-2025:15337","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15338","reference_id":"RHSA-2025:15338","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:15339","reference_id":"RHSA-2025:15339","reference_type":"","scores":[{"value":"
5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:15339"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2385776","reference_id":"show_bug.cgi?id=2385776","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2385776"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376807?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.8"},{"url":"http://public2.vulnerablecode.io/api/packages/376808?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7
ff"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3"}],"aliases":["CVE-2025-8419","GHSA-m4j5-5x4r-2xp9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1j4m-w46h-zkhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/148275?format=json","vulnerability_id":"VCID-1mxe-pmc8-63aw","summary":"A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0657.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0657.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0657","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17403","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17252","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17417","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17431","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0657"},{"reference_url":"https://github.com/keycloak/keycloak",
"reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-0657","reference_id":"CVE-2023-0657","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-17T16:18:32Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-0657"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0657","reference_id":"CVE-2023-0657","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvss
v3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-0657"},{"reference_url":"https://github.com/advisories/GHSA-7fpj-9hr8-28vh","reference_id":"GHSA-7fpj-9hr8-28vh","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7fpj-9hr8-28vh"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-7fpj-9hr8-28vh","reference_id":"GHSA-7fpj-9hr8-28vh","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-7fpj-9hr8-28vh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"RHSA-2024:1867","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-17T16:18:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"RHSA-2024:1868","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-17T16:18:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://bugzilla.redhat.com/show
_bug.cgi?id=2166728","reference_id":"show_bug.cgi?id=2166728","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-17T16:18:32Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2166728"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30414?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-32db-rsf2-h7hm"},{"vulnerability":"VCID-38vg-nb6g-3kg8"},{"vulnerability":"VCID-39yc-g31q-u7gt"},{"vulnerability":"VCID-42w4-65kp-f7dy"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-6j4h-u22h-cubz"},{"vulnerability":"VCID-6t42-926q-3bhd"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-any2-t2rb-f3bz"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-b8bu-q83t-mqgu"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-hx5h-m1z3-tfaj"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-r4g2-4531-buaw"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-tazu-5mqv-vfaq"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID
-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-u2cc-wm39-4qax"},{"vulnerability":"VCID-ugt9-3hnt-jkea"},{"vulnerability":"VCID-uuj4-raj8-fqhp"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wrdw-sj1s-bqbd"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-yy3c-aejz-1kdv"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE-2023-0657","GHSA-7fpj-9hr8-28vh"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1mxe-pmc8-63aw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46039?format=json","vulnerability_id":"VCID-32db-rsf2-h7hm","summary":"A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. 
This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7341.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7341.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7341","reference_id":"","reference_type":"","scores":[{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84988","published_at":"2026-06-14T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84933","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84986","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02246","scoring_system":"epss","scoring_elements":"0.84995","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7341"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/2341d6ee7a3567c58fd6a04a419fe4403e13374c","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/2341d6ee7a3567c58fd6a04a419fe4403e13374c"},{"reference_url":"https://github.com/keycloak/keycloak/commit/5b3de0c7e7f367103affe2f5167913a2ce021cf1","reference_id":"","reference_type":"","scores
":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/5b3de0c7e7f367103affe2f5167913a2ce021cf1"},{"reference_url":"https://github.com/keycloak/keycloak/commit/5e06da2f6794c695051605e26a01affa3a18f66b","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/5e06da2f6794c695051605e26a01affa3a18f66b"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24","reference_id":"cpe:/a:redhat:build_keycloak:24","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9","reference_id":"cpe:/a:redhat:build_keycloak:24::el9","reference_type":"","scores":[],"url":"https://nvd.nist
.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red
_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-7341","reference_id":"CVE-2024-7341","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-7341"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7341","reference_id":"CVE-2024-7341","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7341"},{"reference_url":"https://github.com/advisories/GHSA-5rxp-2rhr-qwqv","reference_id":"GHSA-5rxp-2rhr-qwqv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5rxp-2rhr-qwqv"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-5rxp-2rhr-qwqv","reference_id":"GHSA-5rxp-2rhr-qwqv","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-5rxp-2rhr-
qwqv"},{"reference_url":"https://github.com/advisories/GHSA-j76j-rqwj-jmvv","reference_id":"GHSA-j76j-rqwj-jmvv","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://github.com/advisories/GHSA-j76j-rqwj-jmvv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6493","reference_id":"RHSA-2024:6493","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6494","reference_id":"RHSA-2024:6494","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6495","reference_id":"RHSA-2024:6495","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6497","reference_id":"RHSA-2024:6
497","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6499","reference_id":"RHSA-2024:6499","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6500","reference_id":"RHSA-2024:6500","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6501","reference_id":"RHSA-2024:6501","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6501"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6502","reference_id":"RHSA-2024:6502","reference_type":"","scores":[{
"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6502"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6503","reference_id":"RHSA-2024:6503","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6503"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302064","reference_id":"show_bug.cgi?id=2302064","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T19:59:06Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2302064"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33303?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38vg-nb6g-3kg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/33300?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@25.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-38vg-nb6g-3kg8"},{"vulnerability":"VCID-39yc-
g31q-u7gt"},{"vulnerability":"VCID-42w4-65kp-f7dy"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-6j4h-u22h-cubz"},{"vulnerability":"VCID-6t42-926q-3bhd"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-tazu-5mqv-vfaq"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-u2cc-wm39-4qax"},{"vulnerability":"VCID-ugt9-3hnt-jkea"},{"vulnerability":"VCID-uuj4-raj8-fqhp"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wrdw-sj1s-bqbd"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.5"}],"aliases":["CVE-2024-7341","GHSA-5rxp-2rhr-qwqv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-32db-rsf2-h7hm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34666?format=json","vulnerability_id":"VCID-38vg-nb6g-3kg8","summary":"A misconfiguration flaw was found in Keycloak. 
This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8883.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8883.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8883","reference_id":"","reference_type":"","scores":[{"value":"0.06592","scoring_system":"epss","scoring_elements":"0.91412","published_at":"2026-06-14T12:55:00Z"},{"value":"0.06592","scoring_system":"epss","scoring_elements":"0.91375","published_at":"2026-06-11T12:55:00Z"},{"value":"0.06592","scoring_system":"epss","scoring_elements":"0.91407","published_at":"2026-06-12T12:55:00Z"},{"value":"0.06592","scoring_system":"epss","scoring_elements":"0.91414","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-8883"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/25.0.6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/25.0.6"},{"reference_url":"https://nvd.ni
st.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24","reference_id":"cpe:/a:redhat:build_keycloak:24","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9","reference_id":"cpe:/a:redhat:build_keycloak:24::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_pl
atform:8.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","sc
ores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-8883","reference_id":"CVE-2024-8883","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-8883"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8883","reference_id":"CVE-2024-8883","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8883"},{"reference_url":"https://github.com/advisories/GHSA-w8gr-xwp4-r9f7","reference_id":"GHSA-w8gr-xwp4-r9f7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w8gr-xwp4-r9f7"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-w8gr-xwp4-r9f7","reference_id":"GHSA-w8gr-xwp4-r9f7","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","
scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-w8gr-xwp4-r9f7"},{"reference_url":"https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java","reference_id":"RedirectUtils.java","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10385","reference_id":"RHSA-2024:10385","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10385"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10386","reference_id":"RHSA-2024:10386","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10386"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6878","reference_id":"RHSA-2024:6878","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR
:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6878"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6879","reference_id":"RHSA-2024:6879","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6880","reference_id":"RHSA-2024:6880","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6882","reference_id":"RHSA-2024:6882","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6886","reference_id":"RHSA-2024:6886","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/
A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6886"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6887","reference_id":"RHSA-2024:6887","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6887"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6888","reference_id":"RHSA-2024:6888","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6889","reference_id":"RHSA-2024:6889","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6890","reference_id":"RHSA-2024:6890","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODE
RATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6890"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8823","reference_id":"RHSA-2024:8823","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:8823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8824","reference_id":"RHSA-2024:8824","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:8824"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:8826","reference_id":"RHSA-2024:8826","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:8826"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2312511","reference_id":"show_bug.cgi?id=2312511","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","
scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-19T17:28:37Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2312511"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33826?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/33519?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@25.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-39yc-g31q-u7gt"},{"vulnerability":"VCID-42w4-65kp-f7dy"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-6j4h-u22h-cubz"},{"vulnerability":"VCID-6t42-926q-3bhd"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-tazu-5mqv-vfaq"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-u2cc-wm39-4qax"},{"vulnerability":"VCID-ugt9-3hnt-jkea"},{"vulnerability":"VCID-uuxm
-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wrdw-sj1s-bqbd"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.6"}],"aliases":["CVE-2024-8883","GHSA-w8gr-xwp4-r9f7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-38vg-nb6g-3kg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360512?format=json","vulnerability_id":"VCID-39yc-g31q-u7gt","summary":"Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-5jfq-x6xp-7rw2. This link is maintained to preserve external references.\n\n# Original Description\nA flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor 
authentication.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3910","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3910"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-3910","reference_id":"CVE-2025-3910","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2025-3910"},{"reference_url":"https://github.com/advisories/GHSA-fx44-2wx5-5fvp","reference_id":"GHSA-fx44-2wx5-5fvp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fx44-2wx5-5fvp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376299?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-mhqj-fy58-6
fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-sa2j-p1w2-ebgj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2"}],"aliases":["GHSA-fx44-2wx5-5fvp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-39yc-g31q-u7gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/126716?format=json","vulnerability_id":"VCID-42w4-65kp-f7dy","summary":"A flaw was found in Keycloak. When the configuration uses JWT tokens for authentication, the tokens are cached until expiration. If a client uses JWT tokens with an excessively long expiration time, for example, 24 or 48 hours, the cache can grow indefinitely, leading to an OutOfMemoryError. 
This issue could result in a denial of service condition, preventing legitimate users from accessing the system.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2559.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-2559.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2559","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11943","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11875","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11961","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11963","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-2559"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2559","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2559"},{"reference_url":"https://github.com/keycloak/keycloak/issues/38576","reference_id":"38576","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:
U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/"}],"url":"https://github.com/keycloak/keycloak/issues/38576"},{"reference_url":"https://github.com/keycloak/keycloak/commit/a10c8119d4452b866b90a9019b2cc159919276ca","reference_id":"a10c8119d4452b866b90a9019b2cc159919276ca","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/"}],"url":"https://github.com/keycloak/keycloak/commit/a10c8119d4452b866b90a9019b2cc159919276ca"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26","reference_id":"cpe:/a:redhat:build_keycloak:26","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-2559","reference_id":"CVE-2025-2559","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI
:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-2559"},{"reference_url":"https://github.com/advisories/GHSA-2935-2wfm-hhpv","reference_id":"GHSA-2935-2wfm-hhpv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2935-2wfm-hhpv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4335","reference_id":"RHSA-2025:4335","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4336","reference_id":"RHSA-2025:4336","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4336"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2353868","reference_id":"show_bug.cgi?id=2353868","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:31:49Z/"}],"url":"
https://bugzilla.redhat.com/show_bug.cgi?id=2353868"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/790729?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-39yc-g31q-u7gt"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-tazu-5mqv-vfaq"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-u2cc-wm39-4qax"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wrdw-sj1s-bqbd"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.5"}],"aliases":["CVE-2025-2559","GHSA-2935-2wfm-hhpv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-42w4-65kp-f7dy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84992?format=json","vulnerability_id":"VCID-4b67-9
tus-s7ds","summary":"A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously valid credentials can still be used to obtain authentication tokens. This weakens administrative controls and could allow unintended access to container registry resources.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2733","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10061","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10021","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.1007","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10077","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2733"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scorin
g_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46462","reference_id":"","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46462"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_p
latform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-2733","reference_id":"CVE-2026-2733","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-2733"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2733","reference_id":"CVE-2026-2733","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2733"},{"reference_url":"https://github.com/advisories/GHSA-fjf4-6f34-w64q","reference_id":"GHSA-fjf4-6f34-w64q","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fjf4-6f34-w64q"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"RHSA-2026:3947","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"ref
erence_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"RHSA-2026:3948","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440895","reference_id":"show_bug.cgi?id=2440895","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440895"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374710?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-wsdh-ap2m-5uat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4"}],"aliases":["CVE-
2026-2733","GHSA-fjf4-6f34-w64q"],"risk_score":1.7,"exploitability":"0.5","weighted_severity":"3.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4b67-9tus-s7ds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85713?format=json","vulnerability_id":"VCID-4uf3-t2q9-5fcp","summary":"A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within the realm. This privilege escalation can occur when admin permissions are enabled at the realm level.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3121.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3121.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3121","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01922","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01907","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.0191","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01912","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3121"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https
://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/79ab3110a257fb8d6f1a664c916687128094ed01","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/79ab3110a257fb8d6f1a664c916687128094ed01"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46719","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46719"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3121","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3121"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_ent
erprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3121","reference_id":"CVE-2026-3121","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3121"},{"reference_url":"https://github.com/advisories/GHSA-7xf9-4jfc-wgm4","reference_id":"GHSA-7xf9-4jfc-wgm4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7xf9-4jfc-wgm4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"RHSA-2026:6477","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"RHSA
-2026:6478","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442277","reference_id":"show_bug.cgi?id=2442277","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442277"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40702?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-mdys-vw33-uqa1"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-wsdh-ap2m-5uat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6"}],"aliases":["CVE-2026-3121","GHSA-7xf9-4jfc-wgm4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4uf3-t2q9-5fcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85484?format=json","vulnerability_id":"VCID-4y2p-6e9v-ufh7","summ
ary":"A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3009","reference_id":"","reference_type":"","scores":[{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11462","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11426","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11502","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00037","scoring_system":"epss","scoring_elements":"0.11496","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3009"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/U
I:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46911","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46911"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/26.5.5","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/26.5.5"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_applicati
on_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3009","reference_id":"CVE-2026-3009","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3009"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3009","reference_id":"CVE-2026-3009","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3009"},{"reference_url":"https://github.com/advisories/GHSA-m297-3jv9-m927","reference_id":"GHSA-m297-3jv9-m927","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m297-3jv9-m927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"RHSA-2026:3947","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947
"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"RHSA-2026:3948","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441867","reference_id":"show_bug.cgi?id=2441867","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441867"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40285?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-wsdh-ap2m-5uat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5"}],"aliases":["CVE-2026-3009","GHSA-m297-3jv9-m927"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_u
rl":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4y2p-6e9v-ufh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71976?format=json","vulnerability_id":"VCID-5cfv-kzxe-3qg4","summary":"A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` administrative privileges can exploit a Stored Cross-Site Scripting (XSS) vulnerability. This flaw occurs because the `organization.alias` is placed into an inline JavaScript `onclick` handler, allowing a crafted JavaScript payload to execute in a user's browser when they view the login page. Successful exploitation enables arbitrary JavaScript execution, potentially leading to session theft, unauthorized account actions, or further attacks against users of the affected realm.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37980.json","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37980.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-37980","reference_id":"","reference_type":"","scores":[{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15809","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.1569","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15829","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15841","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-37980"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L
/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/48049","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/48049"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-37980","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-37980"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-37980","reference_id":"CVE-2026-37980","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:42:46Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-37980"},{"reference_url":"https://github.com/advisories/GHSA-m32f-8vh9-2hh3","reference_id":"GHSA-m32f-8vh9-2hh3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m32f-8vh9-2hh3"},{"refere
nce_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455325","reference_id":"show_bug.cgi?id=2455325","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:42:46Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455325"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40702?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-mdys-vw33-uqa1"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-wsdh-ap2m-5uat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6"}],"aliases":["CVE-2026-37980","GHSA-m32f-8vh9-2hh3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5cfv-kzxe-3qg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84772?format=json","vulnerability_id":"VCID-5gut-s9z6-u3gs","summary":"A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. 
This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2092.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2092.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2092","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28328","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28116","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28312","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28337","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2092"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2092","reference_id":"","reference_type":"","s
cores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2092"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-2092","reference_id":"CVE-2026-2092","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-2092"},{"reference_url":"https://github.com/advisories/GHSA-wmxr-6j5f-838p","reference_id":"GHSA-wmxr-6j5f-838p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wmxr-6j5f-838p"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3925","reference_id":"RHSA-2026:3925","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scori
ng_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3926","reference_id":"RHSA-2026:3926","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"RHSA-2026:3947","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"RHSA-2026:3948","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437296","reference_id":"show_bug.cgi?id=2437296","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_tex
tual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2437296"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374988?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.14"},{"url":"http://public2.vulnerablecode.io/api/packages/374989?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.4.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.10"},{"url":"http://public2.vulnerablecode.io/api/packages/40285?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-wsdh-ap2m-5uat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5"}],"aliases":["CVE-2026-2092","GHSA-wmxr-6j5f-838p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5gut-s9z6-u3gs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96291?format=json","vulnerability_id":"VCID-6fwf-utem-8bgx","s
ummary":"A flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is still accepted, so new tokens can continue to be requested for the session. This can lead to a situation where an administrator removes the scope and assumes that offline sessions are no longer available, when they are in fact still valid.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12110.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12110.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12110","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19448","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19282","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19452","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19472","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12110"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/54e1c8af1e089ad33d32e0f2792610e4b8df421b","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_tex
tual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/54e1c8af1e089ad33d32e0f2792610e4b8df421b"},{"reference_url":"https://github.com/keycloak/keycloak/commit/c830a27928cac4294619af7d147bdff34d4a85e7","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/c830a27928cac4294619af7d147bdff34d4a85e7"},{"reference_url":"https://github.com/keycloak/keycloak/pull/43790","reference_id":"43790","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/"}],"url":"https://github.com/keycloak/keycloak/pull/43790"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-12110","reference_id":"CVE-2025-12110","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/
C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-12110"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12110","reference_id":"CVE-2025-12110","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12110"},{"reference_url":"https://github.com/advisories/GHSA-895x-rfqp-jh5c","reference_id":"GHSA-895x-rfqp-jh5c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-895x-rfqp-jh5c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21370","reference_id":"RHSA-2025:21370","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21371","reference_id":"RHSA-2025:21371","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22088","reference_id":
"RHSA-2025:22088","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:22088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22089","reference_id":"RHSA-2025:22089","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:22089"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406033","reference_id":"show_bug.cgi?id=2406033","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406033"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34737?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerabilit
y":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-sa2j-p1w2-ebgj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.3"}],"aliases":["CVE-2025-12110","GHSA-895x-rfqp-jh5c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6fwf-utem-8bgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52572?format=json","vulnerability_id":"VCID-6j4h-u22h-cubz","summary":"A vulnerability was found in the Keycloak-services package. 
If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) by exhausting system resources due to regular-expression complexity.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10270.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-10270.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-10270","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31351","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31158","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31352","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.3137","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-10270"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-wq8x-cg39-8mrr","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.
0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-wq8x-cg39-8mrr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-10270","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-10270"},{"reference_url":"https://github.com/keycloak/keycloak/commit/5d6c91f3309db468b0fe4834e88c3d25649f73e4","reference_id":"5d6c91f3309db468b0fe4834e88c3d25649f73e4","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://github.com/keycloak/keycloak/commit/5d6c91f3309db468b0fe4834e88c3d25649f73e4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24","reference_id":"cpe:/a:redhat:build_keycloak:24","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9","reference_id":"cpe:/a:redhat:build_keycloak:24::el9","reference_type":"","scores":[],"url":"http
s://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26","reference_id":"cpe:/a:redhat:build_keycloak:26","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-10270","reference_id":"
CVE-2024-10270","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-10270"},{"reference_url":"https://github.com/advisories/GHSA-wq8x-cg39-8mrr","reference_id":"GHSA-wq8x-cg39-8mrr","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://github.com/advisories/GHSA-wq8x-cg39-8mrr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10175","reference_id":"RHSA-2024:10175","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10176","reference_id":"RHSA-2024:10176","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/V
I:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10177","reference_id":"RHSA-2024:10177","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10177"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:10178","reference_id":"RHSA-2024:10178","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:10178"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2321214","reference_id":"show_bug.cgi?id=2321214","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_
system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T17:15:02Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2321214"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372884?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/372885?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-39yc-g31q-u7gt"},{"vulnerability":"VCID-42w4-65kp-f7dy"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-tazu-5mqv-vfaq"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-u2cc-wm39-4qax"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wrdw-sj1s-bqbd"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-
7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.6"}],"aliases":["CVE-2024-10270","GHSA-wq8x-cg39-8mrr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6j4h-u22h-cubz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96523?format=json","vulnerability_id":"VCID-6t42-926q-3bhd","summary":"A flaw was found in Keycloak. A user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As a result, one user may receive tokens that belong to another user.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12390.json","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12390.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12390","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04465","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04481","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04484","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04469","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12390"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elem
ents":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/5344aada5ee06b02ec3a9e0f52fa381d085b6282","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/5344aada5ee06b02ec3a9e0f52fa381d085b6282"},{"reference_url":"https://github.com/keycloak/keycloak/commit/b46fab230824a2304daafe74be019e8bd4ee590a","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/b46fab230824a2304daafe74be019e8bd4ee590a"},{"reference_url":"https://github.com/keycloak/keycloak/commit/d82438a611f2f869f1966c13012953fe963a493d","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/d82438a611f2f869f1966c13012953fe963a493d"},{"reference_url":"https://github.com/keycloak/keycloak/commit/ef75a4dc50aa9459777494e4b88655100bf2ac80","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/ef75a4dc50aa9459777494e4b88655100bf2ac80"},{"reference_url":"https://github.com/keycloak/keycloak/discussions/31265","refere
nce_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/discussions/31265"},{"reference_url":"https://github.com/keycloak/keycloak/issues/32197","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/32197"},{"reference_url":"https://github.com/keycloak/keycloak/issues/43853","reference_id":"43853","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/"}],"url":"https://github.com/keycloak/keycloak/issues/43853"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"h
ttps://access.redhat.com/security/cve/CVE-2025-12390","reference_id":"CVE-2025-12390","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-12390"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12390","reference_id":"CVE-2025-12390","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12390"},{"reference_url":"https://github.com/advisories/GHSA-rg35-5v25-mqvp","reference_id":"GHSA-rg35-5v25-mqvp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rg35-5v25-mqvp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21370","reference_id":"RHSA-2025:21370","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21371","reference_id":"RHSA-2025:21371","reference_type":"","scores":[{"value":"6","scoring_
system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22088","reference_id":"RHSA-2025:22088","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:22088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22089","reference_id":"RHSA-2025:22089","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:22089"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406793","reference_id":"show_bug.cgi?id=2406793","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:
L/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-28T13:45:05Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406793"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34849?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-39yc-g31q-u7gt"},{"vulnerability":"VCID-42w4-65kp-f7dy"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-6j4h-u22h-cubz"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-tazu-5mqv-vfaq"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-u2cc-wm39-4qax"},{"vulnerability":"VCID-ugt9-3hnt-jkea"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wrdw-sj1s-bqbd"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vu
lnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.0"}],"aliases":["CVE-2025-12390","GHSA-rg35-5v25-mqvp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6t42-926q-3bhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/142600?format=json","vulnerability_id":"VCID-6vfq-3vub-zbdc","summary":"A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service (ACS) POST Binding URLs, posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete Keycloak instance.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6717.json","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6717.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6717","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.2784","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27624","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27825","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.2785","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6717"},{"reference_url":"https:/
/github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12","reference_id":"cpe:/a:redhat:amq_broker:7.12","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a
:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/s
earch/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6","reference_id":"cpe:/a:redhat:migration_toolkit_applications:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7","reference_id":"cpe:/a:redhat:migration_toolkit_applications:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_gitops:1","reference_id":"cpe:/a:redhat:
openshift_gitops:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_gitops:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.33::el8","reference_id":"cpe:/a:redhat:openshift_serverless:1.33::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.33::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2","reference_id":"cpe:/a:redhat:quarkus:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3","reference_id":"cpe:/a:redhat:quarkus:3","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1","reference_id":"cpe:/a:redhat:rhdh:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2","r
eference_id":"cpe:/a:redhat:service_registry:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6717","reference_id":"CVE-2023-6717","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-6717"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6717","reference_id":"CVE-2023-6717","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6717"},{"reference_url":"https://github.com/advisories/GHSA-8rmm-gm28-pj8q","reference_id":"GHSA-8rmm-gm28-pj8q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8rmm-gm28-pj8q"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-8rmm-gm28-pj8q","reference_id":"GHSA-8rmm-gm28-pj8q","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-8rmm-gm28-pj8q"},{"reference_url":"https://ac
cess.redhat.com/errata/RHSA-2024:1353","reference_id":"RHSA-2024:1353","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1353"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"RHSA-2024:1867","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"RHSA-2024:1868","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2945","reference_id":"RHSA-2024:2945","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/
S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4057","reference_id":"RHSA-2024:4057","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:4057"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253952","reference_id":"show_bug.cgi?id=2253952","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:15:14Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253952"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30414?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-32db-rsf2-h7hm"},{"vulnerability":"VCID-38vg-nb6g-3kg8"},{"vulnerability":"VCID-39yc-g31q-u7gt"},{"vulnerability":"VCID-42w4-65kp
-f7dy"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-6j4h-u22h-cubz"},{"vulnerability":"VCID-6t42-926q-3bhd"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-any2-t2rb-f3bz"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-b8bu-q83t-mqgu"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-hx5h-m1z3-tfaj"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-r4g2-4531-buaw"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-tazu-5mqv-vfaq"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-u2cc-wm39-4qax"},{"vulnerability":"VCID-ugt9-3hnt-jkea"},{"vulnerability":"VCID-uuj4-raj8-fqhp"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wrdw-sj1s-bqbd"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-yy3c-aejz-1kdv"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE-2023-6717","GHSA-8rmm-gm28-pj8q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6vfq-3vub-zbdc"},{"url":"http://public2.vulnerablecode.i
o/api/vulnerabilities/73425?format=json","vulnerability_id":"VCID-82aq-wymj-ekby","summary":"A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This occurs when a Keycloak client is configured to use the `backchannel.logout.url` with the `application.session.host` placeholder. Successful exploitation allows the attacker to make HTTP requests from the Keycloak server’s network context, potentially probing internal networks or internal APIs, leading to information disclosure.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4874.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4874.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4874","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01913","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.019","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01902","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01904","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4874"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4874","reference_id":
"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4874"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeName
Search=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4874","reference_id":"CVE-2026-4874","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4874"},{"reference_url":"https://github.com/advisories/GHSA-22rm-wp4x-v5cx","reference_id":"GHSA-22rm-wp4x-v5cx","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-22rm-wp4x-v5cx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25097","reference_id":"RHSA-2026:25097","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:25097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25098","reference_id":"RHSA-2026:25098","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:25098"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451611","reference_id":"show_bug.cgi?id=2451611","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Tr
ack","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451611"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/975121?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a6bx-hkuu-zkg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.1"}],"aliases":["CVE-2026-4874","GHSA-22rm-wp4x-v5cx"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-82aq-wymj-ekby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106694?format=json","vulnerability_id":"VCID-85r1-z7c6-6bcb","summary":"A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to \"review profile\" information. This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. 
If the victim clicks the verification link, the attacker can gain access to the victim's account.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7365","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13787","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13786","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13756","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1367","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-7365"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/26.0.13","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/26.0.13"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/26.2.6","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L
/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/26.2.6"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/26.3.0","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/26.3.0"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7365","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7365"},{"reference_url":"https://github.com/keycloak/keycloak/issues/40446","reference_id":"40446","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://github.com/keycloak/keycloak/issues/40446"},
{"reference_url":"https://github.com/keycloak/keycloak/pull/40520","reference_id":"40520","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://github.com/keycloak/keycloak/pull/40520"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-7365","reference_id":"CVE-2025-7365","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-7365"},{"reference_url":"https://github.com/advisories/GHSA-xhpr-465j-7p9
q","reference_id":"GHSA-xhpr-465j-7p9q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xhpr-465j-7p9q"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11986","reference_id":"RHSA-2025:11986","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:11986"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11987","reference_id":"RHSA-2025:11987","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:11987"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12015","reference_id":"RHSA-2025:12015","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://access.redhat.c
om/errata/RHSA-2025:12015"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12016","reference_id":"RHSA-2025:12016","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12016"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2378852","reference_id":"show_bug.cgi?id=2378852","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2378852"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378331?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.0.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.13"},{"url":"http://public2.vulnerablecode.io/api/packages/790726?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-39yc-g31q-u7gt"},{"vulnerability":"VCID-42w4-65kp-f7dy"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vu
lnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-9ze5-h7ew-f3b2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-tazu-5mqv-vfaq"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-u2cc-wm39-4qax"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wrdw-sj1s-bqbd"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/378332?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.6"},{"url":"http://public2.vulnerablecode.io/api/packages/34740?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"V
CID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-8txb-4xw8-aydm"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ec5w-983u-tbbz"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-hdz7-3722-xfe6"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0"}],"aliases":["CVE-2025-7365","GHSA-xhpr-465j-7p9q"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-85r1-z7c6-6bcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360759?format=json","vulnerability_id":"VCID-8baa-m4rc-aqh5","summary":"Duplicate Advisory: Keycloak phishing attack via email verification step in first login flow\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-xhpr-465j-7p9q. This link is maintained to preserve external references.\n\n### Original Description\nA flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to \"review profile\" information. 
This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim's account.","references":[{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/26.3.0","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/26.3.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7365","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7365"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-7365","reference_id":"CVE-2025-7365","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2025-7365"},{"reference_url":"https://github.com/advisories/GHSA-gj52-35xm-gxjh","reference_id":"GHSA-gj52-35xm-gxjh","reference_type":"","sc
ores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gj52-35xm-gxjh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34740?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-8txb-4xw8-aydm"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ec5w-983u-tbbz"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-hdz7-3722-xfe6"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0"}],"aliases":["GHSA-gj52-35xm-gxjh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8baa-m4rc-aqh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72017?format=json","vulnerability_id":"VCID-8fsf-kear-tyb2","summary":"A flaw was found in Keycloak. 
A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak's User-Managed Access (UMA) token endpoint. This flaw occurs because the `azp` claim from a client-supplied JSON Web Token (JWT) is used to set the `Access-Control-Allow-Origin` header before the JWT signature is validated. When a specially crafted JWT with an attacker-controlled `azp` value is processed, this value is reflected as the CORS origin, even if the grant is later rejected. This can lead to the exposure of low-sensitivity information from authorization server error responses, weakening origin isolation, but only when a target client is misconfigured with `webOrigins: [\"*\"]`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37977.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37977.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-37977","reference_id":"","reference_type":"","scores":[{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01311","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01213","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01211","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0001","scoring_system":"epss","scoring_elements":"0.01306","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-37977"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keyclo
ak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-37977","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-37977"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-37977","reference_id":"CVE-2026-37977","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-37977"},{"reference_url":"https://github.com/advisories/GHSA-5v8v-xvjv-57x7","reference_id":"GHSA-5v8v-xvjv-57x7","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5v8v-xvjv-57x7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25097","reference_id":"RHSA-2026:25097","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:25097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25098","reference_id
":"RHSA-2026:25098","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:25098"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455324","reference_id":"show_bug.cgi?id=2455324","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455324"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374657?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-uuxm-2f48-3qa5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.0"}],"aliases":["CVE-2026-37977","GHSA-5v8v-xvjv-57x7"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8fsf-kear-tyb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54106?format=json","vulnerability_id":"VCID-8ga9-uqff-rfdw","summary":"A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. 
This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1132.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1132.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1132","reference_id":"","reference_type":"","scores":[{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.56084","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55962","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.56097","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.56083","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1132"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.10","reference_id":"cpe:/a:redhat:amq_broker:7.10","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.10"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSe
arch=true&query=cpe:/a:redhat:amq_broker:7.11","reference_id":"cpe:/a:redhat:amq_broker:7.11","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.11"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12","reference_id":"cpe:/a:redhat:amq_broker:7.12","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.go
v/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration
_toolkit_applications:6.2::el8","reference_id":"cpe:/a:redhat:migration_toolkit_applications:6.2::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6.2::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6.2::el9","reference_id":"cpe:/a:redhat:migration_toolkit_applications:6.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8","reference_id":"cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2","reference_id":"cpe:/a:redhat:quarkus:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3","reference_id":"cpe:/a:redhat:quarkus:3","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?
adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2","reference_id":"cpe:/a:redhat:service_registry:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-1132","reference_
id":"CVE-2024-1132","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-1132"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1132","reference_id":"CVE-2024-1132","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1132"},{"reference_url":"https://github.com/advisories/GHSA-72vp-xfrc-42xm","reference_id":"GHSA-72vp-xfrc-42xm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-72vp-xfrc-42xm"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-72vp-xfrc-42xm","reference_id":"GHSA-72vp-xfrc-42xm","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-72vp-xfrc-42xm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:18
60","reference_id":"RHSA-2024:1860","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1861","reference_id":"RHSA-2024:1861","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1862","reference_id":"RHSA-2024:1862","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1864","reference_id":"RHSA-2024:1864","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/
AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1864"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1866","reference_id":"RHSA-2024:1866","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"RHSA-2024:1867","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"RHSA-2024:1868","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/
SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2945","reference_id":"RHSA-2024:2945","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3752","reference_id":"RHSA-2024:3752","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3752"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3762","reference_id":"RHSA-2024:3762","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_e
lements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3762"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3919","reference_id":"RHSA-2024:3919","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3989","reference_id":"RHSA-2024:3989","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3989"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262117","reference_id":"show_bug.cgi?id=2262117","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-04-23T18:37:10Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262117"}
],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30414?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-32db-rsf2-h7hm"},{"vulnerability":"VCID-38vg-nb6g-3kg8"},{"vulnerability":"VCID-39yc-g31q-u7gt"},{"vulnerability":"VCID-42w4-65kp-f7dy"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-6j4h-u22h-cubz"},{"vulnerability":"VCID-6t42-926q-3bhd"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-any2-t2rb-f3bz"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-b8bu-q83t-mqgu"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-hx5h-m1z3-tfaj"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-r4g2-4531-buaw"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-tazu-5mqv-vfaq"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-u2cc-wm39-4qax"},{"vulnerability":"VCID-ugt9-3hnt-jkea"},{"vulnerability":"VCID-uuj4-raj8-fqhp"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wrdw-sj1s-bqbd"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-yy3c-aejz-1kdv"
},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE-2024-1132","GHSA-72vp-xfrc-42xm"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ga9-uqff-rfdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72575?format=json","vulnerability_id":"VCID-a6bx-hkuu-zkg4","summary":"When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is only partially disabled. Five endpoints under the versioned path `/account/v1alpha1` remain fully functional — including both read and write operations — because they lack the `checkAccountApiEnabled()` gate that correctly blocks four other endpoints in the same REST service class. The user needs to have permissions to use the API.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7500.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7500.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7500","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08726","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08686","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0873","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08734","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7500"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"valu
e":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/48709","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/48709"},{"reference_url":"https://github.com/keycloak/keycloak/pull/48715","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/48715"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7500","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7500"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-7500","reference_id":"CVE-2026-7500","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"v
alue":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-7500"},{"reference_url":"https://github.com/advisories/GHSA-hm32-hfmw-rhvg","reference_id":"GHSA-hm32-hfmw-rhvg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hm32-hfmw-rhvg"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25097","reference_id":"RHSA-2026:25097","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:25097"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25098","reference_id":"RHSA-2026:25098","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:25098"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464126","reference_id":"show_bug.cgi?id=2464126","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464126"}],"fixed_packages":[{"url":"http://public2.
vulnerablecode.io/api/packages/41155?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-99gq-5t6k-7yf5"},{"vulnerability":"VCID-e94v-acqx-1bcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.2"}],"aliases":["CVE-2026-7500","GHSA-hm32-hfmw-rhvg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a6bx-hkuu-zkg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212232?format=json","vulnerability_id":"VCID-any2-t2rb-f3bz","summary":"Duplicate Advisory: Keycloak has a brute force login protection bypass","references":[{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-4629","reference_id":"CVE-2024-4629","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2024-4629"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4629","reference_id":"CVE-2024-4629","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9",
"scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4629"},{"reference_url":"https://github.com/advisories/GHSA-8wm9-24qg-m5qj","reference_id":"GHSA-8wm9-24qg-m5qj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8wm9-24qg-m5qj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33241?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-32db-rsf2-h7hm"},{"vulnerability":"VCID-38vg-nb6g-3kg8"},{"vulnerability":"VCID-39yc-g31q-u7gt"},{"vulnerability":"VCID-42w4-65kp-f7dy"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-6j4h-u22h-cubz"},{"vulnerability":"VCID-6t42-926q-3bhd"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-b8bu-q83t-mqgu"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-hx5h-m1z3-tfaj"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-r4g2-4531-buaw"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-tazu-5mqv-vfaq"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"
vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-u2cc-wm39-4qax"},{"vulnerability":"VCID-ugt9-3hnt-jkea"},{"vulnerability":"VCID-uuj4-raj8-fqhp"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wrdw-sj1s-bqbd"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-yy3c-aejz-1kdv"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.4"}],"aliases":["GHSA-8wm9-24qg-m5qj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-any2-t2rb-f3bz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99722?format=json","vulnerability_id":"VCID-b7ak-4hjc-xuhh","summary":"A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access 
control.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14083","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01034","published_at":"2026-06-14T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01027","published_at":"2026-06-11T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01025","published_at":"2026-06-12T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01031","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14083"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/45493","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/45493"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:
redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-14083","reference_id":"CVE-2025-14083","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-14083"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14083","reference_id":"CVE-2025-14083","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14083"},{"reference_url":"https://github.com/advisories/GHSA-594w-2fwp-jwrc","reference_id":"GHSA-594w-2fwp-jwrc","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-594w-2fwp-jwrc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"RHSA-2026:6477","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"RHSA-2026:6478","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_s
ystem":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419086","reference_id":"show_bug.cgi?id=2419086","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419086"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34740?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-8txb-4xw8-aydm"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ec5w-983u-tbbz"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-hdz7-3722-xfe6"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http
://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0"}],"aliases":["CVE-2025-14083","GHSA-594w-2fwp-jwrc"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b7ak-4hjc-xuhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47740?format=json","vulnerability_id":"VCID-b8bu-q83t-mqgu","summary":"A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4540.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4540.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4540","reference_id":"","reference_type":"","scores":[{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54545","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.5456","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54419","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54544","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4540"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_el
ements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/2191cc26ae6deb52eeaf74046027b65804d16fd0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/2191cc26ae6deb52eeaf74046027b65804d16fd0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9","reference_id":"cpe:/a:redhat:build_keycloak:24::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:24::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearc
h=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-4540","reference_id":"CVE-2024-4540","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-4540"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4540","reference_id":"CVE-2024-4540","refe
rence_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4540"},{"reference_url":"https://github.com/advisories/GHSA-69fp-7c8p-crjr","reference_id":"GHSA-69fp-7c8p-crjr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-69fp-7c8p-crjr"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-69fp-7c8p-crjr","reference_id":"GHSA-69fp-7c8p-crjr","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-69fp-7c8p-crjr"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3566","reference_id":"RHSA-2024:3566","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3566"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3567","reference_id":"RHSA-2024:3567","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata
/RHSA-2024:3567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3568","reference_id":"RHSA-2024:3568","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3570","reference_id":"RHSA-2024:3570","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3570"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3572","reference_id":"RHSA-2024:3572","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3572"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3573","reference_id":"RHSA-2024:3573","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3573"},{"reference_url":"
https://access.redhat.com/errata/RHSA-2024:3574","reference_id":"RHSA-2024:3574","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3574"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3575","reference_id":"RHSA-2024:3575","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3575"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3576","reference_id":"RHSA-2024:3576","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3576"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2279303","reference_id":"show_bug.cgi?id=2279303","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-03T16:13:25Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2279303"}],"fixed_packages":[{"url":"http://pub
lic2.vulnerablecode.io/api/packages/31891?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-32db-rsf2-h7hm"},{"vulnerability":"VCID-38vg-nb6g-3kg8"},{"vulnerability":"VCID-39yc-g31q-u7gt"},{"vulnerability":"VCID-42w4-65kp-f7dy"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-6j4h-u22h-cubz"},{"vulnerability":"VCID-6t42-926q-3bhd"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-tazu-5mqv-vfaq"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-u2cc-wm39-4qax"},{"vulnerability":"VCID-ugt9-3hnt-jkea"},{"vulnerability":"VCID-uuj4-raj8-fqhp"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wrdw-sj1s-bqbd"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-yy3c-aejz-1kdv"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.5"}],"aliases":["CVE-2024-4540","GHSA-69fp-7c8p-crj
r"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b8bu-q83t-mqgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151490?format=json","vulnerability_id":"VCID-cmpj-geab-aqc4","summary":"A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3597.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3597.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3597","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26028","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25827","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26026","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.26042","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3597"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/aa634aee882892960a526e49982806e103c8a43
2","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/aa634aee882892960a526e49982806e103c8a432"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-3597","reference_id":"CVE-2023-3597","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2
023-3597"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3597","reference_id":"CVE-2023-3597","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3597"},{"reference_url":"https://github.com/advisories/GHSA-4f53-xh3v-g8x4","reference_id":"GHSA-4f53-xh3v-g8x4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4f53-xh3v-g8x4"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-4f53-xh3v-g8x4","reference_id":"GHSA-4f53-xh3v-g8x4","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-4f53-xh3v-g8x4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1866","reference_id":"RHSA-2024:1866","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"RHSA-2024:1867","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A
:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"RHSA-2024:1868","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2221760","reference_id":"show_bug.cgi?id=2221760","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:08:53Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2221760"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30414?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-32db-rsf2-h7hm"},{"vulnerability":"VCID-38vg-nb6g-3kg8"},{"vulnerability":"VCID-39yc-g31q-u7gt"},{"vulnerability":"VCID-42w4-65kp-f7dy"},{"vul
nerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-6j4h-u22h-cubz"},{"vulnerability":"VCID-6t42-926q-3bhd"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-any2-t2rb-f3bz"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-b8bu-q83t-mqgu"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-hx5h-m1z3-tfaj"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-r4g2-4531-buaw"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-tazu-5mqv-vfaq"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-u2cc-wm39-4qax"},{"vulnerability":"VCID-ugt9-3hnt-jkea"},{"vulnerability":"VCID-uuj4-raj8-fqhp"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wrdw-sj1s-bqbd"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-yy3c-aejz-1kdv"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE-2023-3597","GHSA-4f53-xh3v-g8x4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cmpj-geab-aqc4"},{"url":"http://public2.vulnerablecode.io/api/vulnera
bilities/73411?format=json","vulnerability_id":"VCID-czza-hz45-5ka6","summary":"A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned resource. Consequently, the attacker gains unauthorized permissions to victim-owned resources, enabling them to obtain a Requesting Party Token (RPT) and access sensitive information or perform unauthorized actions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4636.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4636.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4636","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03198","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.0319","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03203","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03186","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4636"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/995832f8b74b02833d106c8788bb7a78634aa725"
,"reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/995832f8b74b02833d106c8788bb7a78634aa725"},{"reference_url":"https://github.com/keycloak/keycloak/issues/47717","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/47717"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4636","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4636"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4636","reference_id":"CVE-2026-4636","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H
/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4636"},{"reference_url":"https://github.com/advisories/GHSA-f2hx-5fx3-hmcv","reference_id":"GHSA-f2hx-5fx3-hmcv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f2hx-5fx3-hmcv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6475","reference_id":"RHSA-2026:6475","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6476","reference_id":"RHSA-2026:6476","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"RHSA-2026:6477","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:
6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"RHSA-2026:6478","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450251","reference_id":"show_bug.cgi?id=2450251","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450251"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373606?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-uuxm-2f48-3qa5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7"}],"aliases":["CVE-2026-4636","GHSA-f2hx-5fx3-hmcv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-czza-hz45-5ka6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85437?format=json","vulnerability_id":"VCID-ecc8-b6za-vqds","summary":"A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. 
This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability leads to partial information disclosure.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3190","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02127","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02118","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02122","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3190"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46723","reference_id":"","reference_type":"","scores":[{"value":"4
.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46723"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3190","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3190"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3190","reference_id":"CVE-2026-3190","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3190"},{"reference_url":"https://github.com/advisories/GHSA-q35r-vvhv-vx5h","reference_id":"GHSA-q35r-vvhv-vx5h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q35r-vvhv-vx5h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"RHSA-2026:6477","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","
scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"RHSA-2026:6478","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442572","reference_id":"show_bug.cgi?id=2442572","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442572"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40702?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-mdys-vw33-uqa1"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-wsdh-ap2m-5uat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6"}],"aliases":["CVE-2026-3190","GHSA-q35r-vvhv-vx5h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ecc8-b6za-vqds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85433?format=json"
,"vulnerability_id":"VCID-epvz-duxp-tyf7","summary":"A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information disclosure.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3872.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3872.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3872","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0252","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02527","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0253","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3872"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/35a71b00bc856ac402711130f60190d3a24795e7","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/35a71b00bc856ac402711130f60190d3a24795e7"},{"reference_url
":"https://github.com/keycloak/keycloak/issues/47718","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/47718"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3872","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3872"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3872","reference_id":"CVE-2026-3872","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-3872"},{"reference_url":"https://github.com/advisories/GHSA-cjm2-j6cm-6p6m","refer
ence_id":"GHSA-cjm2-j6cm-6p6m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cjm2-j6cm-6p6m"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6475","reference_id":"RHSA-2026:6475","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6476","reference_id":"RHSA-2026:6476","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"RHSA-2026:6477","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"RHSA-2026:6478","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scori
ng_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445988","reference_id":"show_bug.cgi?id=2445988","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445988"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373606?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-uuxm-2f48-3qa5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7"}],"aliases":["CVE-2026-3872","GHSA-cjm2-j6cm-6p6m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-epvz-duxp-tyf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360667?format=json","vulnerability_id":"VCID-f2m5-cwr1-ryc1","summary":"Duplicate Advisory: Keycloak-services SMTP Inject Vulnerability\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references.\n\n### Original Description\nA vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. 
The email is limited to 64 characters (limited local part of the email), so the attack is limited to very short emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.","references":[{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8419","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8419"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-8419","reference_id":"CVE-2025-8419","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2025-8419"},{"reference_url":"https://github.com/advisories/GHSA-qj5r-2r5p-phc7","reference_id":"GHSA-qj5r-2r5p-phc7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qj5r-2r5p-phc7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376808?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulner
ability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3"}],"aliases":["GHSA-qj5r-2r5p-phc7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f2m5-cwr1-ryc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78771?format=json","vulnerability_id":"VCID-feud-rr2t-tyfx","summary":"A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. This allows concurrent refresh requests to bypass single-use enforcement and issue multiple access tokens from the same refresh token. 
As a result, Keycloak’s refresh token rotation hardening can be undermined.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1035","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01699","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01686","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01689","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01692","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1035"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/45647","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/45647"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov
/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-1035","reference_id":"CVE-2026-1035","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-1035"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1035","reference_id":"CVE-2026-1035","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":"
"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1035"},{"reference_url":"https://github.com/advisories/GHSA-m2w5-7xhv-w6fh","reference_id":"GHSA-m2w5-7xhv-w6fh","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m2w5-7xhv-w6fh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"RHSA-2026:6477","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"RHSA-2026:6478","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430314","reference_id":"show_bug.cgi?id=2430314","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430314"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34740?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.0","is_vulnerable":true,"affected_by_vulne
rabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-8txb-4xw8-aydm"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ec5w-983u-tbbz"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-hdz7-3722-xfe6"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0"}],"aliases":["CVE-2026-1035","GHSA-m2w5-7xhv-w6fh"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-feud-rr2t-tyfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212055?format=json","vulnerability_id":"VCID-hx5h-m1z3-tfaj","summary":"Duplicate Advisory: Keycloak exposes sensitive information in Pushed Authorization Requests 
(PAR)","references":[{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-4540","reference_id":"CVE-2024-4540","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2024-4540"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4540","reference_id":"CVE-2024-4540","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4540"},{"reference_url":"https://github.com/advisories/GHSA-4vrx-8phj-x3mg","reference_id":"GHSA-4vrx-8phj-x3mg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4vrx-8phj-x3mg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31891?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-32db-rsf2-h7hm"},{"vulnerability":"VCID-38vg-nb6g-3kg8"},{"vulnerability":"VCID-39yc-g31q-u7gt"},{"vulnerability":"VCID-42w4-65kp-f7dy"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-6j4h-u22h-cubz"},{"vulnerability":"VCID-6t42-926q-3bhd"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vu
lnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-tazu-5mqv-vfaq"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-u2cc-wm39-4qax"},{"vulnerability":"VCID-ugt9-3hnt-jkea"},{"vulnerability":"VCID-uuj4-raj8-fqhp"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wrdw-sj1s-bqbd"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-yy3c-aejz-1kdv"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.5"}],"aliases":["GHSA-4vrx-8phj-x3mg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hx5h-m1z3-tfaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96323?format=json","vulnerability_id":"VCID-mhqj-fy58-6fd6","summary":"A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: \"none\", even when the realm is configured to require direct attestation. 
This can lead to weakened authentication integrity and unauthorized authenticator registration.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12150","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02594","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0259","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02592","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02584","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-12150"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339"},{"reference_url":"https://github.com/keycloak/keycloak/issues/35110","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","sco
ring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/35110"},{"reference_url":"https://github.com/keycloak/keycloak/issues/43723","reference_id":"43723","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://github.com/keycloak/keycloak/issues/43723"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-12150","reference_id":"CVE-2025-12150","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-12150"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12150","reference_id":"CVE-2025-1
2150","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-12150"},{"reference_url":"https://github.com/advisories/GHSA-7g5x-9c4v-4w5r","reference_id":"GHSA-7g5x-9c4v-4w5r","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7g5x-9c4v-4w5r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21370","reference_id":"RHSA-2025:21370","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21371","reference_id":"RHSA-2025:21371","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22088","reference_id":"RHSA-2025:22088","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://access.redhat.com/erra
ta/RHSA-2025:22088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22089","reference_id":"RHSA-2025:22089","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:22089"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406192","reference_id":"show_bug.cgi?id=2406192","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2406192"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39957?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.4.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"
VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.4"}],"aliases":["CVE-2025-12150","GHSA-7g5x-9c4v-4w5r"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mhqj-fy58-6fd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85663?format=json","vulnerability_id":"VCID-put6-zqp1-dkhj","summary":"A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3911","reference_id":"","reference_type":"","scores":[{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.0202","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02012","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02008","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3911"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements"
:""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46922","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46922"},{"reference_url":"https://github.com/keycloak/keycloak/pull/46923","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/46923"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3911","reference_id":"CVE-2026-3911","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/"}],"url":"https://access.redhat.c
om/security/cve/CVE-2026-3911"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3911","reference_id":"CVE-2026-3911","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3911"},{"reference_url":"https://github.com/advisories/GHSA-xh32-c9wx-phrp","reference_id":"GHSA-xh32-c9wx-phrp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xh32-c9wx-phrp"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"RHSA-2026:6477","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"RHSA-2026:6478","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446392","reference_id":"show_bug.cgi?id=2446392","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446392"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40702?format=jso
n","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-mdys-vw33-uqa1"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-wsdh-ap2m-5uat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6"}],"aliases":["CVE-2026-3911","GHSA-xh32-c9wx-phrp"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-put6-zqp1-dkhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64116?format=json","vulnerability_id":"VCID-r4g2-4531-buaw","summary":"A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. 
This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3656.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3656.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3656","reference_id":"","reference_type":"","scores":[{"value":"0.89656","scoring_system":"epss","scoring_elements":"0.99585","published_at":"2026-06-14T12:55:00Z"},{"value":"0.89656","scoring_system":"epss","scoring_elements":"0.99584","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-3656"},{"reference_url":"https://github.com/hnsecurity/vulns/blob/main/HNS-2024-08-Keycloak.md","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hnsecurity/vulns/blob/main/HNS-2024-08-Keycloak.md"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/d9f0c84b797525eac55914db5f81a8133ef5f9b1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/co
mmit/d9f0c84b797525eac55914db5f81a8133ef5f9b1"},{"reference_url":"https://news.ycombinator.com/item?id=42136000","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://news.ycombinator.com/item?id=42136000"},{"reference_url":"https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSea
rch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-3656","reference_id":"CVE-2024-3656","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-3656"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3656","reference_id":"CVE-2024-3656","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3656"},{"reference_url":"https://github.com/advisories/GHSA-2cww-fgmg-4jqc","reference_id":"GHSA-2cww-fgmg-4jqc","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/202
4-10-09T19:18:03Z/"}],"url":"https://github.com/advisories/GHSA-2cww-fgmg-4jqc"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-2cww-fgmg-4jqc","reference_id":"GHSA-2cww-fgmg-4jqc","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-2cww-fgmg-4jqc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3572","reference_id":"RHSA-2024:3572","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3572"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3575","reference_id":"RHSA-2024:3575","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T19:18:03Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:3575"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2274403","reference_id":"show_bug.cgi?id=2274403","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-09T
19:18:03Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2274403"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31891?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-32db-rsf2-h7hm"},{"vulnerability":"VCID-38vg-nb6g-3kg8"},{"vulnerability":"VCID-39yc-g31q-u7gt"},{"vulnerability":"VCID-42w4-65kp-f7dy"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-6j4h-u22h-cubz"},{"vulnerability":"VCID-6t42-926q-3bhd"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-tazu-5mqv-vfaq"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-u2cc-wm39-4qax"},{"vulnerability":"VCID-ugt9-3hnt-jkea"},{"vulnerability":"VCID-uuj4-raj8-fqhp"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wrdw-sj1s-bqbd"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-yy3c-aejz-1kdv"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerableco
de.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.5"}],"aliases":["CVE-2024-3656","GHSA-2cww-fgmg-4jqc"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r4g2-4531-buaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62982?format=json","vulnerability_id":"VCID-rpxq-j9uk-2bek","summary":"A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2419.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2419.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2419","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21494","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21321","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21506","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21519","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2419"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloa
k"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-2419","reference_id":"CVE-2024-2419","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:49:32Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-2419"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2419","reference_id":"CVE-2024-2419","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2419"},{"reference_url":"https://github.com/advisories/GHSA-mrv8-pqfj-7gp5","reference_id":"GHSA-mrv8-pqfj-7gp5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mrv8-pqfj-7gp5"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mrv8-pqfj-7gp5","reference_id":"GHSA-mrv8-pqfj-7gp5","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-mrv8-pqfj-7gp5"},{"
reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"RHSA-2024:1867","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:49:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2269371","reference_id":"show_bug.cgi?id=2269371","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-25T19:49:32Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2269371"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30414?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-32db-rsf2-h7hm"},{"vulnerability":"VCID-38vg-nb6g-3kg8"},{"vulnerability":"VCID-39yc-g31q-u7gt"},{"vulnerability":"VCID-42w4-65kp-f7dy"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-6j4h-u22h-cubz"},{"vulnerability":"VCID-6t42-926q-3bhd"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-any2-t2rb-f3bz"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"
vulnerability":"VCID-b8bu-q83t-mqgu"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-hx5h-m1z3-tfaj"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-r4g2-4531-buaw"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-tazu-5mqv-vfaq"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-u2cc-wm39-4qax"},{"vulnerability":"VCID-ugt9-3hnt-jkea"},{"vulnerability":"VCID-uuj4-raj8-fqhp"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wrdw-sj1s-bqbd"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-yy3c-aejz-1kdv"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE-2024-2419","GHSA-mrv8-pqfj-7gp5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rpxq-j9uk-2bek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85043?format=json","vulnerability_id":"VCID-shne-12fw-xfbw","summary":"A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. 
This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2603","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45643","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45486","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45629","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45635","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2603"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a"},{"reference_url":"https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132","reference_id":"
","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132"},{"reference_url":"https://github.com/keycloak/keycloak/commits/26.5.5","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commits/26.5.5"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46911","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46911"},{"reference_url":"https://github.com/keycloak/keycloak/pull/46932","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/46932"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2603","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2603"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.ni
st.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-2603","reference_id":"CVE-2026-2603","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-2603"},{"reference_url":"https://github.com/advisories/GHSA-x4p7-7chp-64hq","reference_id":"GHSA-x4p7-7chp-64hq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x4p7-7chp-64hq"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3925","reference_id":"RHSA-2026:3925","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3926","reference_id":"RHSA-2026:3926","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_syst
em":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"RHSA-2026:3947","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"RHSA-2026:3948","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440300","reference_id":"show_bug.cgi?id=2440300","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440300"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40285?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"
vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-wsdh-ap2m-5uat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5"}],"aliases":["CVE-2026-2603","GHSA-x4p7-7chp-64hq"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-shne-12fw-xfbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360491?format=json","vulnerability_id":"VCID-tazu-5mqv-vfaq","summary":"Duplicate Advisory: Keycloak hostname verification\n# Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-hw58-3793-42gg. This link is maintained to preserve external references.\n\n# Original Description\nA flaw was found in Keycloak. 
By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.","references":[{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3501","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3501"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-3501","reference_id":"CVE-2025-3501","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2025-3501"},{"reference_url":"https://github.com/advisories/GHSA-r934-w73g-v4p8","reference_id":"GHSA-r934-w73g-v4p8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r934-w73g-v4p8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376299?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerab
ility":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-sa2j-p1w2-ebgj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2"}],"aliases":["GHSA-r934-w73g-v4p8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tazu-5mqv-vfaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73439?format=json","vulnerability_id":"VCID-thtq-yz7t-7kea","summary":"A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. 
Successful exploitation can lead to the creation of admin-capable access tokens, resulting in privilege escalation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4282.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4282.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4282","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05963","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05955","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.0597","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05978","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4282"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5"},{"reference_url":"https://github.com/keycloak/keycloak/issues/47719","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_syste
m":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/47719"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4282","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4282"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4282","reference_id":"CVE-2026-4282","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4282"},{"reference_url":"https://github.com/advisories/GHSA-hj93-h7pg-fh6v","reference_id":"GHSA-hj93-h7pg-fh6v","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}]
,"url":"https://github.com/advisories/GHSA-hj93-h7pg-fh6v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6475","reference_id":"RHSA-2026:6475","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6476","reference_id":"RHSA-2026:6476","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"RHSA-2026:6477","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"RHSA-2026:6478","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/"}],"url":"https://access.redhat.com/
errata/RHSA-2026:6478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448061","reference_id":"show_bug.cgi?id=2448061","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448061"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373606?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-uuxm-2f48-3qa5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7"}],"aliases":["CVE-2026-4282","GHSA-hj93-h7pg-fh6v"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-thtq-yz7t-7kea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85391?format=json","vulnerability_id":"VCID-tjyr-75f3-d7ff","summary":"A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered MFA/OTP credential without first proving possession of that factor. The attacker can then register their own MFA device, effectively taking full control of the account. 
This weakness undermines the intended protection provided by multi-factor authentication.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3429","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04247","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04244","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04256","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3429"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178"},{"reference_url":"https://github.com/keycloak/keycloak/issues/47069","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_t
extual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/47069"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-3429","reference_id":"CVE-2026-3429","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/"}],"url":"https://access.redhat.com/security/c
ve/CVE-2026-3429"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3429","reference_id":"CVE-2026-3429","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-3429"},{"reference_url":"https://github.com/advisories/GHSA-8g9r-9wjw-37j4","reference_id":"GHSA-8g9r-9wjw-37j4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8g9r-9wjw-37j4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"RHSA-2026:6477","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"RHSA-2026:6478","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2443771","reference_id":"show_bug.cgi?id=2443771","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2443771"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/3736
06?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-uuxm-2f48-3qa5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7"}],"aliases":["CVE-2026-3429","GHSA-8g9r-9wjw-37j4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tjyr-75f3-d7ff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/360744?format=json","vulnerability_id":"VCID-u1aa-s9ru-w3gf","summary":"Duplicate Advisory: Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)\n### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-27gp-8389-hm4w. This link is maintained to preserve external references.\n\n### Original Description\nA flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. 
This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.","references":[{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/issues/41137","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/41137"},{"reference_url":"https://github.com/keycloak/keycloak/pull/41168","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/pull/41168"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7784","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7784"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-7784","reference_id":"CVE-2025-7784","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2025-7784"},{"refer
ence_url":"https://github.com/advisories/GHSA-83j7-mhw9-388w","reference_id":"GHSA-83j7-mhw9-388w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-83j7-mhw9-388w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/817853?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.2"}],"aliases":["GHSA-83j7-mhw9-388w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u1aa-s9ru-w3gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/127181?format=json","vulnerability_id":"VCID-u2cc-wm39-4qax","summary":"A flaw was found in Keycloak. 
By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3501.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3501.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3501","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23671","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23484","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.2368","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.2369","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3501"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg","reference_id":"","reference_type":"","scores":[{"
value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3501","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3501"},{"reference_url":"https://github.com/keycloak/keycloak/issues/39350","reference_id":"39350","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/"}],"url":"https://github.com/keycloak/keycloak/issues/39350"},{"reference_url":"https://github.com/keycloak/keycloak/pull/39366","reference_id":"39366","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/"}],"url":"https://github.com/keycloak/keycloak/pull/39366"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26","reference_id":"cpe:/a:redhat:build_keycloak:26","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.0::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-3501","reference_id":"CVE-2025-3501","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-3501"},{"reference_url":"https://github.com/advisories/GHSA-hw58-3793-42gg","reference_id":"GHSA-hw58-3793-42gg","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hw58-3793-42gg"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4335","reference_id":"RHSA-2025:4335","reference_type":"","scores":[{"value":"8.2","
scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4336","reference_id":"RHSA-2025:4336","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4336"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8672","reference_id":"RHSA-2025:8672","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8690","reference_id":"RHSA-2025:8690","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8690"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2358834","reference_id":"show_bug.cgi?id=2358834","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"v
alue":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2358834"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376299?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-sa2j-p1w2-ebgj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2"}],"aliases":["CVE-2025-3501","GHSA-hw58-3793-42gg"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u2cc-wm39-4qax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14256
5?format=json","vulnerability_id":"VCID-uaxm-zx64-jbas","summary":"A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6544.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6544.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6544","reference_id":"","reference_type":"","scores":[{"value":"0.01309","scoring_system":"epss","scoring_elements":"0.80285","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01309","scoring_system":"epss","scoring_elements":"0.80216","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01309","scoring_system":"epss","scoring_elements":"0.80277","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01309","scoring_system":"epss","scoring_elements":"0.80293","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6544"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/s
earch/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.g
ov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6544","reference_id":"CVE-2023-6544","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-6544"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6544","reference_id":"CVE-2023-6544","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6544"},{"reference_url":"https://github.com/advisories/GHSA-46c8-635v-68r2","reference_id":"GHSA-46c8-635v-68r2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-46c8-635v-68r2"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-46c8-635v-68r2","reference_id":"GHSA-46c8-635v-68r2","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-46c8-635v-68r2"},{"reference_url":"https://access.redhat.
com/errata/RHSA-2024:1860","reference_id":"RHSA-2024:1860","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1861","reference_id":"RHSA-2024:1861","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1862","reference_id":"RHSA-2024:1862","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1864","reference_id":"RHSA-2024:1864","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1864"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024
:1866","reference_id":"RHSA-2024:1866","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"RHSA-2024:1867","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"RHSA-2024:1868","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253116","reference_id":"show_bug.cgi?id=2253116","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:19:09Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253116"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api
/packages/30414?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-32db-rsf2-h7hm"},{"vulnerability":"VCID-38vg-nb6g-3kg8"},{"vulnerability":"VCID-39yc-g31q-u7gt"},{"vulnerability":"VCID-42w4-65kp-f7dy"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-6j4h-u22h-cubz"},{"vulnerability":"VCID-6t42-926q-3bhd"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-any2-t2rb-f3bz"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-b8bu-q83t-mqgu"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-hx5h-m1z3-tfaj"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-r4g2-4531-buaw"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-tazu-5mqv-vfaq"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-u2cc-wm39-4qax"},{"vulnerability":"VCID-ugt9-3hnt-jkea"},{"vulnerability":"VCID-uuj4-raj8-fqhp"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wrdw-sj1s-bqbd"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-yy3c-aejz-1kdv"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http:
//public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE-2023-6544","GHSA-46c8-635v-68r2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uaxm-zx64-jbas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54222?format=json","vulnerability_id":"VCID-udt9-gs91-8qgw","summary":"A flaw was found in \"checkLoginIframe\" in Keycloak's OIDC component: it accepts cross-origin messages without validating their origin. Because incoming messages are not origin-checked, attackers can coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1249.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1249.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1249","reference_id":"","reference_type":"","scores":[{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.46238","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.46093","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.46246","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.46232","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-1249"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","sco
ring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/9d9817e15a07195f16f554b7f60ee3a918369e26","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/9d9817e15a07195f16f554b7f60ee3a918369e26"},{"reference_url":"https://github.com/keycloak/keycloak/commit/e3598a53678a1e3698e78eb71e04ba10ca32e5e2","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/e3598a53678a1e3698e78eb71e04ba10ca32e5e2"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12","reference_id":"cpe:/a:redhat:amq_broker:7.12","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_broker:7.12"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_streams:1","reference_id":"cpe:/a:redhat:amq_streams:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:amq_streams:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_sear
ch=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7","reference_id":"cpe:/a:redhat:jboss_data_grid:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8","reference_id":"cpe:/a:redhat:jboss_data_grid:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/re
sults?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_bpms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_id":"cpe:/a:redhat:jboss_enterprise_brms_platform:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_brms_platform:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7","reference_id":"cpe:/a:redhat:jboss_fuse:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6","reference_id":"cpe:/a:redhat:migration_toolkit_applications:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:6"},{"re
ference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7","reference_id":"cpe:/a:redhat:migration_toolkit_applications:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:migration_toolkit_applications:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.33::el8","reference_id":"cpe:/a:redhat:openshift_serverless:1.33::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.33::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cp
e:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1","reference_id":"cpe:/a:redhat:rhdh:1","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhdh:1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2","reference_id":"cpe:/a:redhat:service_registry:2","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:service_registry:2"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-1249","reference_id":"CVE-2024-1249","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-1249"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1249","reference_id":"CVE-2024-1249","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/
A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1249"},{"reference_url":"https://github.com/advisories/GHSA-m6q9-p373-g5q8","reference_id":"GHSA-m6q9-p373-g5q8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m6q9-p373-g5q8"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-m6q9-p373-g5q8","reference_id":"GHSA-m6q9-p373-g5q8","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-m6q9-p373-g5q8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1860","reference_id":"RHSA-2024:1860","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1860"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1861","reference_id":"RHSA-2024:1861","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1862","reference_id":"RHSA-2024:1862","reference_t
ype":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1864","reference_id":"RHSA-2024:1864","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1864"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1866","reference_id":"RHSA-2024:1866","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1866"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"RHSA-2024:1867","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"RHSA-2024:1868","reference_type":"","scores":[{"value":"7.4","sc
oring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2945","reference_id":"RHSA-2024:2945","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:2945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4057","reference_id":"RHSA-2024:4057","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:4057"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262918","reference_id":"show_bug.cgi?id=2262918","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T17:33:02Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2262918"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30414?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","is_vulnerable":t
rue,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-32db-rsf2-h7hm"},{"vulnerability":"VCID-38vg-nb6g-3kg8"},{"vulnerability":"VCID-39yc-g31q-u7gt"},{"vulnerability":"VCID-42w4-65kp-f7dy"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-6j4h-u22h-cubz"},{"vulnerability":"VCID-6t42-926q-3bhd"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-any2-t2rb-f3bz"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-b8bu-q83t-mqgu"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-hx5h-m1z3-tfaj"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-r4g2-4531-buaw"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-tazu-5mqv-vfaq"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-u2cc-wm39-4qax"},{"vulnerability":"VCID-ugt9-3hnt-jkea"},{"vulnerability":"VCID-uuj4-raj8-fqhp"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wrdw-sj1s-bqbd"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-yy3c-aejz-1kdv"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],"aliases":["CVE
-2024-1249","GHSA-m6q9-p373-g5q8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-udt9-gs91-8qgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/359709?format=json","vulnerability_id":"VCID-ugt9-3hnt-jkea","summary":"Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity\n## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-wq8x-cg39-8mrr. This link is maintained to preserve external references.\n\n## Original Description\nA vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-10270","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-10270"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-10270","reference_id":"CVE-2024-10270","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2024-10270"},{"reference_url":"https://github.com/advisories/GHSA-j3x3-r585-4qhg","reference_id":"GHSA-j3x3-r585-4qhg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j3x3-r585-4qhg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372884?format=json","purl":"pkg:maven/org.keycloak/key
cloak-services@24.0.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/372885?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-39yc-g31q-u7gt"},{"vulnerability":"VCID-42w4-65kp-f7dy"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-tazu-5mqv-vfaq"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-u2cc-wm39-4qax"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wrdw-sj1s-bqbd"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.0.6"}],"aliases":["GHSA-j3x3-r585-4qhg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http:
//public2.vulnerablecode.io/vulnerabilities/VCID-ugt9-3hnt-jkea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/212250?format=json","vulnerability_id":"VCID-uuj4-raj8-fqhp","summary":"Duplicate Advisory: Keycloak Open Redirect vulnerability","references":[{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/releases/tag/25.0.6","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/releases/tag/25.0.6"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-8883","reference_id":"CVE-2024-8883","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2024-8883"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8883","reference_id":"CVE-2024-8883","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"7.7","scori
ng_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:L/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-8883"},{"reference_url":"https://github.com/advisories/GHSA-vvf8-2h68-9475","reference_id":"GHSA-vvf8-2h68-9475","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vvf8-2h68-9475"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33519?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@25.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-39yc-g31q-u7gt"},{"vulnerability":"VCID-42w4-65kp-f7dy"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-6j4h-u22h-cubz"},{"vulnerability":"VCID-6t42-926q-3bhd"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-tazu-5mqv-vfaq"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-u2cc-wm39-4qax"},{"vulnerability":"VCID-ugt9-3hnt-jkea"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability"
:"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wrdw-sj1s-bqbd"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.6"}],"aliases":["GHSA-vvf8-2h68-9475"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uuj4-raj8-fqhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73418?format=json","vulnerability_id":"VCID-uuxm-2f48-3qa5","summary":"A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control checks on PUT operations to the resource_set endpoint. 
This issue enables unauthorized modification of protected resources, impacting data integrity.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4628.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4628.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4628","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01531","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01515","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01519","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01522","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4628"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4628","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4628"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:","reference_id":"cpe:/a:redhat:build_keycloak:","reference_type":"","scores":[],"url":"https://nvd.nis
t.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4628","reference_id":"CVE-2026-4628","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:02:51Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4628"},{"reference_url":"https://github.com/advisories/GHSA-4pgc-gfrr-wcmg","reference_id":"GHSA-4pgc-gfrr-wcmg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4pgc-gfrr-wcmg"},{"reference_url":"https://bugzilla.r
edhat.com/show_bug.cgi?id=2450240","reference_id":"show_bug.cgi?id=2450240","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:02:51Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450240"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/975121?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-a6bx-hkuu-zkg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.1"}],"aliases":["CVE-2026-4628","GHSA-4pgc-gfrr-wcmg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uuxm-2f48-3qa5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73351?format=json","vulnerability_id":"VCID-vcjc-hgjb-dqhs","summary":"A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. 
This leads to high resource consumption and prolonged processing times, ultimately resulting in a Denial of Service (DoS) for the Keycloak server.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4634.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4634.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4634","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0747","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07454","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07486","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0748","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4634"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/b455ee4f28abb6f2120aff72fd179589cc5267a0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/b455ee4f28abb6f2120aff72fd179589cc5267a0"},{"reference_url":"https://github.com/keycloak/keycloak/issues/47716","reference_id":"","reference_type":"","scores":
[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/47716"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4634","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4634"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4634","reference_id":"CVE-2026-4634","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4634"},{"reference_url":"https://github.com/advisories/GHSA-h4wv-g838-66g3","reference_id":"GHSA-h4wv-g838-66g3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3
.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h4wv-g838-66g3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6475","reference_id":"RHSA-2026:6475","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6476","reference_id":"RHSA-2026:6476","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"RHSA-2026:6477","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"RHSA-2026:6478","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/"}],"ur
l":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450250","reference_id":"show_bug.cgi?id=2450250","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450250"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373606?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-uuxm-2f48-3qa5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7"}],"aliases":["CVE-2026-4634","GHSA-h4wv-g838-66g3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vcjc-hgjb-dqhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/99787?format=json","vulnerability_id":"VCID-vrhh-6fx6-zqbw","summary":"A flaw was found in Keycloak Admin REST (Representational State Transfer) API. 
This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14082","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01637","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01624","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01628","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.0163","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-14082"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query
=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-14082","reference_id":"CVE-2025-14082","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-14082"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14082","reference_id":"CVE-2025-14082","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-14082"},{"reference_url":"https://github.com/advisories/GHSA-6q37-7866-h27j","reference_id":"GHSA-6q37-7866-h27j","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6q37-7866-h27j"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"RHSA-2026:6477","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"RHSA-2026:6478","reference_ty
pe":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419078","reference_id":"show_bug.cgi?id=2419078","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419078"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/35987?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ec5w-983u-tbbz"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-hdz7-3722-xfe6"},{"vulnerability":"VCID-mdys-vw33-uqa1"},{"vulnerability":"VCID-p11z-217w-r3d3"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-ttpj-h8z5-tfgw"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-wsdh-ap2m-5
uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-yfgh-e1hw-1ff7"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.0"}],"aliases":["CVE-2025-14082","GHSA-6q37-7866-h27j"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vrhh-6fx6-zqbw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/127088?format=json","vulnerability_id":"VCID-wrdw-sj1s-bqbd","summary":"A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3910.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3910.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3910","reference_id":"","reference_type":"","scores":[{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25114","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24911","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.2511","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25128","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-3910"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_sy
stem":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-5jfq-x6xp-7rw2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-5jfq-x6xp-7rw2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3910","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-3910"},{"reference_url":"https://github.com/keycloak/keycloak/issues/39349","reference_id":"39349","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/"}],"url":"https://github.com/keycloak/keycloak/issues/39349"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26","reference_id":"cpe:/a:redhat:build_keycloak:26","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.0::el9","reference_type":"","scor
es":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-3910","reference_id":"CVE-2025-3910","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-3910"},{"reference_url":"https://github.com/advisories/GHSA-5jfq-x6xp-7rw2","reference_id":"GHSA-5jfq-x6xp-7rw2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5jfq-x6xp-7rw2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4335","reference_id":"RHSA-2025:4335","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4335"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:4336","reference_id":"RHSA-2025:4336","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:4336"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361923","reference_id":"show_bug.c
gi?id=2361923","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361923"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376299?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-sa2j-p1w2-ebgj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2"}],"aliases":["CVE-2025-3910","GHSA-
5jfq-x6xp-7rw2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wrdw-sj1s-bqbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73551?format=json","vulnerability_id":"VCID-wsdh-ap2m-5uat","summary":"A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This could lead to unauthorized access or account compromise.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4325.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4325.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4325","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14759","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14669","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.1479","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.14788","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-4325"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.c
om/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5"},{"reference_url":"https://github.com/keycloak/keycloak/issues/47715","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/47715"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4325","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4325"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.2::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-4325","reference_id":"CVE-2026-4325","reference_type":"","scores":[{"value":"5.3","sc
oring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-4325"},{"reference_url":"https://github.com/advisories/GHSA-rx66-hj7g-28h7","reference_id":"GHSA-rx66-hj7g-28h7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rx66-hj7g-28h7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6475","reference_id":"RHSA-2026:6475","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6476","reference_id":"RHSA-2026:6476","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6477","reference_id":"RHSA-2026:6477","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:
N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6478","reference_id":"RHSA-2026:6478","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:6478"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448351","reference_id":"show_bug.cgi?id=2448351","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448351"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373606?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-uuxm-2f48-3qa5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7"}],"aliases":["CVE-2026-4325","GHSA-rx66-hj7g-28h7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wsdh-ap2m-5uat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84785?format=json","vulnerability_id":"VCID-wwh9-7awg-h7g6","summary":"A flaw was found in Keycloak. 
An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryError (OOM) and subsequent process termination. This vulnerability allows an attacker to disrupt the availability of the service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2575","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09255","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09211","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09264","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09265","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2575"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system
":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04"},{"reference_url":"https://github.com/keycloak/keycloak/issues/46372","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/46372"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2575","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2575"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-2575","reference_id":"CVE-2026-2575","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-2575"},{"reference_url":"https://github.com/advisories/GHSA-xv6h-r36f-3gp5","reference_id":"GHSA-xv6h-r36f-3gp5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xv6h-r36f-3gp5"},{"
reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"RHSA-2026:3947","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"RHSA-2026:3948","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440149","reference_id":"show_bug.cgi?id=2440149","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440149"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374710?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"
VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-wsdh-ap2m-5uat"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4"}],"aliases":["CVE-2026-2575","GHSA-xv6h-r36f-3gp5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wwh9-7awg-h7g6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/142615?format=json","vulnerability_id":"VCID-xwcc-yenj-mfd3","summary":"A flaw was found in Keycloak that results from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter \"prompt=login\", prompting the user to re-enter their credentials. 
If the user cancels this re-authentication by selecting \"Restart login,\" an account takeover may occur, as the new session, with a different SUB, will possess the same SID as the previous session.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6787.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6787.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6787","reference_id":"","reference_type":"","scores":[{"value":"0.00573","scoring_system":"epss","scoring_elements":"0.69296","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00573","scoring_system":"epss","scoring_elements":"0.69198","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00573","scoring_system":"epss","scoring_elements":"0.6929","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00573","scoring_system":"epss","scoring_elements":"0.69302","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-6787"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","referenc
e_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-6787","reference_id":"CVE-2023-6787","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-6787"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6787","reference_id":"CVE-2023-6787","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6787"},{"reference_url":"https://github.com/advisories/GHSA-c9h6-v78w-52wj","reference_id":"GHSA-c9h6-v78w-52wj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c9h6-v78w-52wj"},{"reference_url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-c9h6-v78w-52wj","reference_id":"GHSA-c9h6-v78w-52wj","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MO
DERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/"}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-c9h6-v78w-52wj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1867","reference_id":"RHSA-2024:1867","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1867"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1868","reference_id":"RHSA-2024:1868","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:1868"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254375","reference_id":"show_bug.cgi?id=2254375","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:40:17Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254375"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30414?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.3","i
s_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-32db-rsf2-h7hm"},{"vulnerability":"VCID-38vg-nb6g-3kg8"},{"vulnerability":"VCID-39yc-g31q-u7gt"},{"vulnerability":"VCID-42w4-65kp-f7dy"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-6j4h-u22h-cubz"},{"vulnerability":"VCID-6t42-926q-3bhd"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-any2-t2rb-f3bz"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-b8bu-q83t-mqgu"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-hx5h-m1z3-tfaj"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-r4g2-4531-buaw"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-tazu-5mqv-vfaq"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-u2cc-wm39-4qax"},{"vulnerability":"VCID-ugt9-3hnt-jkea"},{"vulnerability":"VCID-uuj4-raj8-fqhp"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wrdw-sj1s-bqbd"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-yy3c-aejz-1kdv"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.3"}],
"aliases":["CVE-2023-6787","GHSA-c9h6-v78w-52wj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xwcc-yenj-mfd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47580?format=json","vulnerability_id":"VCID-yy3c-aejz-1kdv","summary":"A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4629.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4629.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4629","reference_id":"","reference_type":"","scores":[{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63917","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63931","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63929","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00444","scoring_system":"epss","scoring_elements":"0.63815","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4629"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"
cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloak/commit/2fb358e1a21c5387cdc11100ce3562b4dcfe5416","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/2fb358e1a21c5387cdc11100ce3562b4dcfe5416"},{"reference_url":"https://github.com/keycloak/keycloak/commit/461fa631dc55b9739c9ed8c49de9f5b213955200","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/461fa631dc55b9739c9ed8c49de9f5b213955200"},{"reference_url":"https://github.com/keycloak/keycloak/commit/99f92ad5fff5555d53930c2d32f8be3e08c514c1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/99f92ad5fff5555d53930c2d32f8be3e08c514c1"},{"reference_url":"https://github.com/keycloak/keycloak/commit/b25c28458a562abda2f84fc684e59cce8
577e562","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/b25c28458a562abda2f84fc684e59cce8577e562"},{"reference_url":"https://github.com/keycloak/keycloak/commit/c8053dd812d9b9f05b293f901b9dc39e061ebb88","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/c8053dd812d9b9f05b293f901b9dc39e061ebb88"},{"reference_url":"https://github.com/keycloak/keycloak/commit/d78b3072ffffbff3954bf9f3181e3daf8e93c1ab","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/commit/d78b3072ffffbff3954bf9f3181e3daf8e93c1ab"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22","reference_id":"cpe:/a:redhat:build_keycloak:22","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_searc
h=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9","reference_id":"cpe:/a:redhat:build_keycloak:22::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:22::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7.6::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9","reference_id":"cpe:/a
:redhat:red_hat_single_sign_on:7.6::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8","reference_id":"cpe:/a:redhat:rhosemc:1.0::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-4629","reference_id":"CVE-2024-4629","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-4629"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4629","reference_id":"CVE-2024-4629","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4629"},{"reference_url":"https://github.com/advisories/GHSA-gc7q-jgjv-vjr2","reference_id":"GHSA-gc7q-jgjv-vjr2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gc7q-jgjv-vjr2"},{"reference_url":"https://github.com/keycloak/keyc
loak/security/advisories/GHSA-gc7q-jgjv-vjr2","reference_id":"GHSA-gc7q-jgjv-vjr2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-gc7q-jgjv-vjr2"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6493","reference_id":"RHSA-2024:6493","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6494","reference_id":"RHSA-2024:6494","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6495","reference_id":"RHSA-2024:6495","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv
3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6497","reference_id":"RHSA-2024:6497","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6499","reference_id":"RHSA-2024:6499","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6500","reference_id":"RHSA-2024:6500","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"C
VSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6500"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6501","reference_id":"RHSA-2024:6501","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:6501"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2276761","reference_id":"show_bug.cgi?id=2276761","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-03T20:20:28Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2276761"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33303?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@24.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-38vg-nb6g-3kg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/33449?format=j
son","purl":"pkg:maven/org.keycloak/keycloak-services@25.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1j4m-w46h-zkhq"},{"vulnerability":"VCID-32db-rsf2-h7hm"},{"vulnerability":"VCID-38vg-nb6g-3kg8"},{"vulnerability":"VCID-39yc-g31q-u7gt"},{"vulnerability":"VCID-42w4-65kp-f7dy"},{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-6fwf-utem-8bgx"},{"vulnerability":"VCID-6j4h-u22h-cubz"},{"vulnerability":"VCID-6t42-926q-3bhd"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-85r1-z7c6-6bcb"},{"vulnerability":"VCID-8baa-m4rc-aqh5"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-b7ak-4hjc-xuhh"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-f2m5-cwr1-ryc1"},{"vulnerability":"VCID-feud-rr2t-tyfx"},{"vulnerability":"VCID-mhqj-fy58-6fd6"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-tazu-5mqv-vfaq"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-u1aa-s9ru-w3gf"},{"vulnerability":"VCID-u2cc-wm39-4qax"},{"vulnerability":"VCID-ugt9-3hnt-jkea"},{"vulnerability":"VCID-uuj4-raj8-fqhp"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-vrhh-6fx6-zqbw"},{"vulnerability":"VCID-wrdw-sj1s-bqbd"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"},{"vulnerability":"VCID-zjcz-6z84-6ub3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@25.0.4"}],"aliases":["CVE-2024-4629","GHSA-gc7q-jgjv-vjr2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http
://public2.vulnerablecode.io/vulnerabilities/VCID-yy3c-aejz-1kdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78803?format=json","vulnerability_id":"VCID-zjcz-6z84-6ub3","summary":"A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1190","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06767","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06775","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06793","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06784","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-1190"},{"reference_url":"https://github.com/keycloak/keycloak","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak"},{"reference_url":"https://github.com/keycloak/keycloa
k/issues/45646","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/keycloak/keycloak/issues/45646"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9","reference_id":"cpe:/a:redhat:build_keycloak:26.4::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp","reference_id":"cpe:/a:redhat:jbosseapxp","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_id":"cpe:/a:redhat:jboss_enterprise_application_platform:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7","reference_id":"cpe:/a:redhat:red_hat_single_sign_on:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2026-1190","reference_id":"CVE-2026-1190","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"}
,{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2026-1190"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1190","reference_id":"CVE-2026-1190","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1190"},{"reference_url":"https://github.com/advisories/GHSA-63v5-26vq-m4vm","reference_id":"GHSA-63v5-26vq-m4vm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-63v5-26vq-m4vm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3947","reference_id":"RHSA-2026:3947","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3948","reference_id":"RHSA-2026:3948","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:3948"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430835","reference_id":"show_bug.cgi?id=2430835","reference_type":""
,"scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430835"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39005?format=json","purl":"pkg:maven/org.keycloak/keycloak-services@26.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4b67-9tus-s7ds"},{"vulnerability":"VCID-4uf3-t2q9-5fcp"},{"vulnerability":"VCID-4y2p-6e9v-ufh7"},{"vulnerability":"VCID-5cfv-kzxe-3qg4"},{"vulnerability":"VCID-5gut-s9z6-u3gs"},{"vulnerability":"VCID-82aq-wymj-ekby"},{"vulnerability":"VCID-8fsf-kear-tyb2"},{"vulnerability":"VCID-a6bx-hkuu-zkg4"},{"vulnerability":"VCID-czza-hz45-5ka6"},{"vulnerability":"VCID-ecc8-b6za-vqds"},{"vulnerability":"VCID-epvz-duxp-tyf7"},{"vulnerability":"VCID-put6-zqp1-dkhj"},{"vulnerability":"VCID-shne-12fw-xfbw"},{"vulnerability":"VCID-thtq-yz7t-7kea"},{"vulnerability":"VCID-tjyr-75f3-d7ff"},{"vulnerability":"VCID-uuxm-2f48-3qa5"},{"vulnerability":"VCID-vcjc-hgjb-dqhs"},{"vulnerability":"VCID-wsdh-ap2m-5uat"},{"vulnerability":"VCID-wwh9-7awg-h7g6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.3"}],"aliases":["CVE-2026-1190","GHSA-63v5-26vq-m4vm"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zjcz-6z84-6ub3"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@24.0.2"}