Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.keycloak/keycloak-parent@26.5.0

Type maven

Namespace org.keycloak

Name keycloak-parent

Version 26.5.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-1bps-7j9p-a3b6

vulnerability_id VCID-1bps-7j9p-a3b6

summary

Keycloak Server-Side Request Forgery (SSRF) vulnerability
A flaw was found in Keycloak’s CIBA feature where insufficient validation of client-configured backchannel notification endpoints could allow blind server-side requests to internal services.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1518.json

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1518.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-1518

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02165
published_at	2026-06-07T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02178
published_at	2026-06-05T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02184
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-1518

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2433727

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T14:03:51Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2433727

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id	cpe:/a:redhat:build_keycloak:
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:

reference_url

https://access.redhat.com/security/cve/CVE-2026-1518

reference_id

CVE-2026-1518

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-02T14:03:51Z/

url

https://access.redhat.com/security/cve/CVE-2026-1518

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-1518

reference_id

CVE-2026-1518

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-1518

reference_url

https://github.com/advisories/GHSA-fwhw-chw4-gh37

reference_id

GHSA-fwhw-chw4-gh37

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fwhw-chw4-gh37

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@26.5.3

purl pkg:maven/org.keycloak/keycloak-parent@26.5.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rt61-271c-nkgk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@26.5.3

aliases CVE-2026-1518, GHSA-fwhw-chw4-gh37

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1bps-7j9p-a3b6

url VCID-ku7s-gnhp-a3du

vulnerability_id VCID-ku7s-gnhp-a3du

summary

Keycloak has Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
A flaw was found in Keycloak. The Keycloak Authorization header parser is overly permissive regarding the formatting of the "Bearer" authentication scheme. It accepts non-standard characters (such as tabs) as separators and tolerates case variations that deviate from RFC 6750 specifications.

references

reference_url

https://access.redhat.com/errata/RHSA-2026:3947

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/

url

https://access.redhat.com/errata/RHSA-2026:3947

reference_url

https://access.redhat.com/errata/RHSA-2026:3948

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/

url

https://access.redhat.com/errata/RHSA-2026:3948

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0707.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0707.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-0707

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.06226
published_at	2026-06-07T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06527
published_at	2026-06-06T12:55:00Z

value	0.0003
scoring_system	epss
scoring_elements	0.09225
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-0707

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2427768

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2427768

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url

https://github.com/keycloak/keycloak/issues/49433

reference_id

49433

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/

url

https://github.com/keycloak/keycloak/issues/49433

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id	cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9

reference_url

https://access.redhat.com/security/cve/CVE-2026-0707

reference_id

CVE-2026-0707

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:54:59Z/

url

https://access.redhat.com/security/cve/CVE-2026-0707

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-0707

reference_id

CVE-2026-0707

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-0707

reference_url

https://github.com/advisories/GHSA-gv94-wp4h-vv8p

reference_id

GHSA-gv94-wp4h-vv8p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gv94-wp4h-vv8p

fixed_packages

url pkg:maven/org.keycloak/keycloak-parent@26.5.1

purl pkg:maven/org.keycloak/keycloak-parent@26.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1bps-7j9p-a3b6

vulnerability	VCID-rt61-271c-nkgk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@26.5.1

aliases CVE-2026-0707, GHSA-gv94-wp4h-vv8p

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ku7s-gnhp-a3du

url

VCID-rt61-271c-nkgk

vulnerability_id

VCID-rt61-271c-nkgk

summary

Improper Authentication
A vulnerability was found in keycloak, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14910.json

reference_id

reference_type

scores

value	9.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14910.json

reference_url

https://access.redhat.com/security/cve/cve-2019-14910

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2019-14910

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-14910

reference_id

reference_type

scores

value	0.00419
scoring_system	epss
scoring_elements	0.62249
published_at	2026-06-05T12:55:00Z

value	0.00419
scoring_system	epss
scoring_elements	0.622
published_at	2026-06-04T12:55:00Z

value	0.00419
scoring_system	epss
scoring_elements	0.62246
published_at	2026-06-07T12:55:00Z

value	0.00419
scoring_system	epss
scoring_elements	0.62256
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-14910

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14910

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14910

reference_url

https://github.com/keycloak/keycloak

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/keycloak/keycloak

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1778265
reference_id	1778265
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1778265

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-14910

reference_id

CVE-2019-14910

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-14910

reference_url

https://github.com/advisories/GHSA-jf86-9434-f8c2

reference_id

GHSA-jf86-9434-f8c2

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jf86-9434-f8c2

fixed_packages

aliases

CVE-2019-14910, GHSA-jf86-9434-f8c2

risk_score

4.5

exploitability

0.5

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-rt61-271c-nkgk

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-parent@26.5.0

Package Instance