Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.keycloak/keycloak-services@26.5.2
Type maven
Namespace org.keycloak
Name keycloak-services
Version 26.5.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-s9bw-xmnt-xqbp
vulnerability_id VCID-s9bw-xmnt-xqbp
summary
Keycloak's missing timestamp validation allows attackers to extend SAML response validity periods
A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3947
1
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3948
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2430835
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2430835
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/issues/45646
reference_id
reference_type
scores
url https://github.com/keycloak/keycloak/issues/45646
5
reference_url https://access.redhat.com/security/cve/CVE-2026-1190
reference_id CVE-2026-1190
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2026-1190
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1190
reference_id CVE-2026-1190
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-1190
7
reference_url https://github.com/advisories/GHSA-63v5-26vq-m4vm
reference_id GHSA-63v5-26vq-m4vm
reference_type
scores
url https://github.com/advisories/GHSA-63v5-26vq-m4vm
fixed_packages
aliases CVE-2026-1190, GHSA-63v5-26vq-m4vm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s9bw-xmnt-xqbp
Fixing_vulnerabilities
0
url VCID-58n2-w8fu-u3hc
vulnerability_id VCID-58n2-w8fu-u3hc
summary
Keycloak services allows the issuance of access and refresh tokens for disabled users
A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a privileged client invokes the token exchange flow.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:2365
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2365
1
reference_url https://access.redhat.com/errata/RHSA-2026:2366
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2366
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2421711
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2421711
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/commit/2d0aa31c4830ebaad094c3762e78b884c141e659
reference_id
reference_type
scores
url https://github.com/keycloak/keycloak/commit/2d0aa31c4830ebaad094c3762e78b884c141e659
5
reference_url https://github.com/keycloak/keycloak/commit/d67349f3aa9fed5c61750619d0f9de6356aeaeff
reference_id
reference_type
scores
url https://github.com/keycloak/keycloak/commit/d67349f3aa9fed5c61750619d0f9de6356aeaeff
6
reference_url https://github.com/keycloak/keycloak/issues/45651
reference_id
reference_type
scores
url https://github.com/keycloak/keycloak/issues/45651
7
reference_url https://github.com/keycloak/keycloak/releases/tag/26.5.2
reference_id
reference_type
scores
url https://github.com/keycloak/keycloak/releases/tag/26.5.2
8
reference_url https://access.redhat.com/security/cve/CVE-2025-14559
reference_id CVE-2025-14559
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2025-14559
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14559
reference_id CVE-2025-14559
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-14559
10
reference_url https://github.com/advisories/GHSA-wv3h-x6c4-r867
reference_id GHSA-wv3h-x6c4-r867
reference_type
scores
url https://github.com/advisories/GHSA-wv3h-x6c4-r867
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.4.9
purl pkg:maven/org.keycloak/keycloak-services@26.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.9
1
url pkg:maven/org.keycloak/keycloak-services@26.5.2
purl pkg:maven/org.keycloak/keycloak-services@26.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-s9bw-xmnt-xqbp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.2
aliases CVE-2025-14559, GHSA-wv3h-x6c4-r867
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-58n2-w8fu-u3hc
1
url VCID-zr12-p5eq-wubj
vulnerability_id VCID-zr12-p5eq-wubj
summary
Keycloak Admin API allows an administrator with limited privileges to retrieve sensitive custom attributes
A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings.
references
0
reference_url https://access.redhat.com/errata/RHSA-2026:2365
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2365
1
reference_url https://access.redhat.com/errata/RHSA-2026:2366
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2366
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2418330
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2418330
3
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
url https://github.com/keycloak/keycloak
4
reference_url https://github.com/keycloak/keycloak/commit/1d7ab8d5fb1403902f5152820a8fc734d38b08d2
reference_id
reference_type
scores
url https://github.com/keycloak/keycloak/commit/1d7ab8d5fb1403902f5152820a8fc734d38b08d2
5
reference_url https://github.com/keycloak/keycloak/commit/c5c83d6604d4c73139f38fce3ed7b7c4c38c09f2
reference_id
reference_type
scores
url https://github.com/keycloak/keycloak/commit/c5c83d6604d4c73139f38fce3ed7b7c4c38c09f2
6
reference_url https://github.com/keycloak/keycloak/issues/45873
reference_id
reference_type
scores
url https://github.com/keycloak/keycloak/issues/45873
7
reference_url https://github.com/keycloak/keycloak/pull/45427
reference_id
reference_type
scores
url https://github.com/keycloak/keycloak/pull/45427
8
reference_url https://access.redhat.com/security/cve/CVE-2025-13881
reference_id CVE-2025-13881
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2025-13881
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-13881
reference_id CVE-2025-13881
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-13881
10
reference_url https://github.com/advisories/GHSA-g78x-7vwx-9f58
reference_id GHSA-g78x-7vwx-9f58
reference_type
scores
url https://github.com/advisories/GHSA-g78x-7vwx-9f58
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.4.9
purl pkg:maven/org.keycloak/keycloak-services@26.4.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.9
1
url pkg:maven/org.keycloak/keycloak-services@26.5.2
purl pkg:maven/org.keycloak/keycloak-services@26.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-s9bw-xmnt-xqbp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.2
aliases CVE-2025-13881, GHSA-g78x-7vwx-9f58
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zr12-p5eq-wubj
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.2