Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.keycloak/keycloak-services@26.2.0
Type maven
Namespace org.keycloak
Name keycloak-services
Version 26.2.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 26.6.3
Latest_non_vulnerable_version 26.6.3
Affected_by_vulnerabilities
0
url VCID-1j4m-w46h-zkhq
vulnerability_id VCID-1j4m-w46h-zkhq
summary A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very short emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8419.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-8419
reference_id
reference_type
scores
0
value 0.00108
scoring_system epss
scoring_elements 0.28832
published_at 2026-06-14T12:55:00Z
1
value 0.00108
scoring_system epss
scoring_elements 0.28619
published_at 2026-06-11T12:55:00Z
2
value 0.00108
scoring_system epss
scoring_elements 0.28819
published_at 2026-06-12T12:55:00Z
3
value 0.00108
scoring_system epss
scoring_elements 0.28843
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-8419
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-m4j5-5x4r-2xp9
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-8419
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-8419
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0
reference_id cpe:/a:redhat:build_keycloak:26.0
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
reference_id cpe:/a:redhat:build_keycloak:26.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2
reference_id cpe:/a:redhat:build_keycloak:26.2
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
9
reference_url https://access.redhat.com/security/cve/CVE-2025-8419
reference_id CVE-2025-8419
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://access.redhat.com/security/cve/CVE-2025-8419
10
reference_url https://github.com/advisories/GHSA-m4j5-5x4r-2xp9
reference_id GHSA-m4j5-5x4r-2xp9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m4j5-5x4r-2xp9
11
reference_url https://access.redhat.com/errata/RHSA-2025:15336
reference_id RHSA-2025:15336
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://access.redhat.com/errata/RHSA-2025:15336
12
reference_url https://access.redhat.com/errata/RHSA-2025:15337
reference_id RHSA-2025:15337
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://access.redhat.com/errata/RHSA-2025:15337
13
reference_url https://access.redhat.com/errata/RHSA-2025:15338
reference_id RHSA-2025:15338
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://access.redhat.com/errata/RHSA-2025:15338
14
reference_url https://access.redhat.com/errata/RHSA-2025:15339
reference_id RHSA-2025:15339
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://access.redhat.com/errata/RHSA-2025:15339
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2385776
reference_id show_bug.cgi?id=2385776
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-06T17:23:42Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2385776
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.8
purl pkg:maven/org.keycloak/keycloak-services@26.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.8
1
url pkg:maven/org.keycloak/keycloak-services@26.3.3
purl pkg:maven/org.keycloak/keycloak-services@26.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b67-9tus-s7ds
1
vulnerability VCID-4uf3-t2q9-5fcp
2
vulnerability VCID-4y2p-6e9v-ufh7
3
vulnerability VCID-5cfv-kzxe-3qg4
4
vulnerability VCID-5gut-s9z6-u3gs
5
vulnerability VCID-82aq-wymj-ekby
6
vulnerability VCID-8fsf-kear-tyb2
7
vulnerability VCID-a6bx-hkuu-zkg4
8
vulnerability VCID-czza-hz45-5ka6
9
vulnerability VCID-ecc8-b6za-vqds
10
vulnerability VCID-epvz-duxp-tyf7
11
vulnerability VCID-mhqj-fy58-6fd6
12
vulnerability VCID-put6-zqp1-dkhj
13
vulnerability VCID-shne-12fw-xfbw
14
vulnerability VCID-thtq-yz7t-7kea
15
vulnerability VCID-tjyr-75f3-d7ff
16
vulnerability VCID-uuxm-2f48-3qa5
17
vulnerability VCID-vcjc-hgjb-dqhs
18
vulnerability VCID-vrhh-6fx6-zqbw
19
vulnerability VCID-wsdh-ap2m-5uat
20
vulnerability VCID-wwh9-7awg-h7g6
21
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3
aliases CVE-2025-8419, GHSA-m4j5-5x4r-2xp9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1j4m-w46h-zkhq
1
url VCID-39yc-g31q-u7gt
vulnerability_id VCID-39yc-g31q-u7gt
summary
Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass
# Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-5jfq-x6xp-7rw2. This link is maintained to preserve external references.

# Original Description
A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.
references
0
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3910
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3910
1
reference_url https://access.redhat.com/security/cve/CVE-2025-3910
reference_id CVE-2025-3910
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-3910
2
reference_url https://github.com/advisories/GHSA-fx44-2wx5-5fvp
reference_id GHSA-fx44-2wx5-5fvp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fx44-2wx5-5fvp
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.2
purl pkg:maven/org.keycloak/keycloak-services@26.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-4b67-9tus-s7ds
2
vulnerability VCID-4uf3-t2q9-5fcp
3
vulnerability VCID-4y2p-6e9v-ufh7
4
vulnerability VCID-5cfv-kzxe-3qg4
5
vulnerability VCID-5gut-s9z6-u3gs
6
vulnerability VCID-6fwf-utem-8bgx
7
vulnerability VCID-82aq-wymj-ekby
8
vulnerability VCID-85r1-z7c6-6bcb
9
vulnerability VCID-8baa-m4rc-aqh5
10
vulnerability VCID-8fsf-kear-tyb2
11
vulnerability VCID-a6bx-hkuu-zkg4
12
vulnerability VCID-b7ak-4hjc-xuhh
13
vulnerability VCID-czza-hz45-5ka6
14
vulnerability VCID-ecc8-b6za-vqds
15
vulnerability VCID-epvz-duxp-tyf7
16
vulnerability VCID-f2m5-cwr1-ryc1
17
vulnerability VCID-feud-rr2t-tyfx
18
vulnerability VCID-mhqj-fy58-6fd6
19
vulnerability VCID-put6-zqp1-dkhj
20
vulnerability VCID-sa2j-p1w2-ebgj
21
vulnerability VCID-shne-12fw-xfbw
22
vulnerability VCID-thtq-yz7t-7kea
23
vulnerability VCID-tjyr-75f3-d7ff
24
vulnerability VCID-u1aa-s9ru-w3gf
25
vulnerability VCID-uuxm-2f48-3qa5
26
vulnerability VCID-vcjc-hgjb-dqhs
27
vulnerability VCID-vrhh-6fx6-zqbw
28
vulnerability VCID-wsdh-ap2m-5uat
29
vulnerability VCID-wwh9-7awg-h7g6
30
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2
aliases GHSA-fx44-2wx5-5fvp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-39yc-g31q-u7gt
2
url VCID-4b67-9tus-s7ds
vulnerability_id VCID-4b67-9tus-s7ds
summary A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously valid credentials can still be used to obtain authentication tokens. This weakens administrative controls and could allow unintended access to container registry resources.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2733.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2733
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10061
published_at 2026-06-14T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10021
published_at 2026-06-11T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.1007
published_at 2026-06-12T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10077
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2733
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e
4
reference_url https://github.com/keycloak/keycloak/issues/46462
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46462
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
10
reference_url https://access.redhat.com/security/cve/CVE-2026-2733
reference_id CVE-2026-2733
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/
url https://access.redhat.com/security/cve/CVE-2026-2733
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2733
reference_id CVE-2026-2733
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2733
12
reference_url https://github.com/advisories/GHSA-fjf4-6f34-w64q
reference_id GHSA-fjf4-6f34-w64q
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fjf4-6f34-w64q
13
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id RHSA-2026:3947
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/
url https://access.redhat.com/errata/RHSA-2026:3947
14
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id RHSA-2026:3948
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/
url https://access.redhat.com/errata/RHSA-2026:3948
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440895
reference_id show_bug.cgi?id=2440895
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-19T21:31:08Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440895
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.4
purl pkg:maven/org.keycloak/keycloak-services@26.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4uf3-t2q9-5fcp
1
vulnerability VCID-4y2p-6e9v-ufh7
2
vulnerability VCID-5cfv-kzxe-3qg4
3
vulnerability VCID-5gut-s9z6-u3gs
4
vulnerability VCID-82aq-wymj-ekby
5
vulnerability VCID-8fsf-kear-tyb2
6
vulnerability VCID-a6bx-hkuu-zkg4
7
vulnerability VCID-czza-hz45-5ka6
8
vulnerability VCID-ecc8-b6za-vqds
9
vulnerability VCID-epvz-duxp-tyf7
10
vulnerability VCID-put6-zqp1-dkhj
11
vulnerability VCID-shne-12fw-xfbw
12
vulnerability VCID-thtq-yz7t-7kea
13
vulnerability VCID-tjyr-75f3-d7ff
14
vulnerability VCID-uuxm-2f48-3qa5
15
vulnerability VCID-vcjc-hgjb-dqhs
16
vulnerability VCID-wsdh-ap2m-5uat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4
aliases CVE-2026-2733, GHSA-fjf4-6f34-w64q
risk_score 1.7
exploitability 0.5
weighted_severity 3.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4b67-9tus-s7ds
3
url VCID-4uf3-t2q9-5fcp
vulnerability_id VCID-4uf3-t2q9-5fcp
summary A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within the realm. This privilege escalation can occur when admin permissions are enabled at the realm level.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3121.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3121.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3121
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01922
published_at 2026-06-14T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01907
published_at 2026-06-11T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.0191
published_at 2026-06-12T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01912
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3121
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/79ab3110a257fb8d6f1a664c916687128094ed01
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/79ab3110a257fb8d6f1a664c916687128094ed01
4
reference_url https://github.com/keycloak/keycloak/issues/46719
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46719
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3121
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3121
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
10
reference_url https://access.redhat.com/security/cve/CVE-2026-3121
reference_id CVE-2026-3121
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/
url https://access.redhat.com/security/cve/CVE-2026-3121
11
reference_url https://github.com/advisories/GHSA-7xf9-4jfc-wgm4
reference_id GHSA-7xf9-4jfc-wgm4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7xf9-4jfc-wgm4
12
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/
url https://access.redhat.com/errata/RHSA-2026:6477
13
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/
url https://access.redhat.com/errata/RHSA-2026:6478
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442277
reference_id show_bug.cgi?id=2442277
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-30T13:58:46Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2442277
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.6
purl pkg:maven/org.keycloak/keycloak-services@26.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-8fsf-kear-tyb2
2
vulnerability VCID-a6bx-hkuu-zkg4
3
vulnerability VCID-czza-hz45-5ka6
4
vulnerability VCID-epvz-duxp-tyf7
5
vulnerability VCID-mdys-vw33-uqa1
6
vulnerability VCID-thtq-yz7t-7kea
7
vulnerability VCID-tjyr-75f3-d7ff
8
vulnerability VCID-uuxm-2f48-3qa5
9
vulnerability VCID-vcjc-hgjb-dqhs
10
vulnerability VCID-wsdh-ap2m-5uat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6
aliases CVE-2026-3121, GHSA-7xf9-4jfc-wgm4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4uf3-t2q9-5fcp
4
url VCID-4y2p-6e9v-ufh7
vulnerability_id VCID-4y2p-6e9v-ufh7
summary A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an Identity Provider (IdP) even after it has been disabled by an administrator. An attacker who knows the IdP alias can reuse a previously generated login request to bypass the administrative restriction. This undermines access control enforcement and may allow unauthorized authentication through a disabled external provider.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3009.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3009
reference_id
reference_type
scores
0
value 0.00037
scoring_system epss
scoring_elements 0.11462
published_at 2026-06-14T12:55:00Z
1
value 0.00037
scoring_system epss
scoring_elements 0.11426
published_at 2026-06-11T12:55:00Z
2
value 0.00037
scoring_system epss
scoring_elements 0.11502
published_at 2026-06-12T12:55:00Z
3
value 0.00037
scoring_system epss
scoring_elements 0.11496
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3009
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a
4
reference_url https://github.com/keycloak/keycloak/issues/46911
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46911
5
reference_url https://github.com/keycloak/keycloak/releases/tag/26.5.5
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.5.5
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
10
reference_url https://access.redhat.com/security/cve/CVE-2026-3009
reference_id CVE-2026-3009
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://access.redhat.com/security/cve/CVE-2026-3009
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3009
reference_id CVE-2026-3009
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3009
12
reference_url https://github.com/advisories/GHSA-m297-3jv9-m927
reference_id GHSA-m297-3jv9-m927
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m297-3jv9-m927
13
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id RHSA-2026:3947
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://access.redhat.com/errata/RHSA-2026:3947
14
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id RHSA-2026:3948
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://access.redhat.com/errata/RHSA-2026:3948
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441867
reference_id show_bug.cgi?id=2441867
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-06T18:14:28Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2441867
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.5
purl pkg:maven/org.keycloak/keycloak-services@26.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4uf3-t2q9-5fcp
1
vulnerability VCID-5cfv-kzxe-3qg4
2
vulnerability VCID-82aq-wymj-ekby
3
vulnerability VCID-8fsf-kear-tyb2
4
vulnerability VCID-a6bx-hkuu-zkg4
5
vulnerability VCID-czza-hz45-5ka6
6
vulnerability VCID-ecc8-b6za-vqds
7
vulnerability VCID-epvz-duxp-tyf7
8
vulnerability VCID-put6-zqp1-dkhj
9
vulnerability VCID-thtq-yz7t-7kea
10
vulnerability VCID-tjyr-75f3-d7ff
11
vulnerability VCID-uuxm-2f48-3qa5
12
vulnerability VCID-vcjc-hgjb-dqhs
13
vulnerability VCID-wsdh-ap2m-5uat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5
aliases CVE-2026-3009, GHSA-m297-3jv9-m927
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4y2p-6e9v-ufh7
5
url VCID-5cfv-kzxe-3qg4
vulnerability_id VCID-5cfv-kzxe-3qg4
summary A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` administrative privileges can exploit a Stored Cross-Site Scripting (XSS) vulnerability. This flaw occurs because the `organization.alias` is placed into an inline JavaScript `onclick` handler, allowing a crafted JavaScript payload to execute in a user's browser when they view the login page. Successful exploitation enables arbitrary JavaScript execution, potentially leading to session theft, unauthorized account actions, or further attacks against users of the affected realm.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37980.json
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37980.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-37980
reference_id
reference_type
scores
0
value 0.00049
scoring_system epss
scoring_elements 0.15809
published_at 2026-06-14T12:55:00Z
1
value 0.00049
scoring_system epss
scoring_elements 0.1569
published_at 2026-06-11T12:55:00Z
2
value 0.00049
scoring_system epss
scoring_elements 0.15829
published_at 2026-06-12T12:55:00Z
3
value 0.00049
scoring_system epss
scoring_elements 0.15841
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-37980
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/issues/48049
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/48049
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-37980
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-37980
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
6
reference_url https://access.redhat.com/security/cve/CVE-2026-37980
reference_id CVE-2026-37980
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:42:46Z/
url https://access.redhat.com/security/cve/CVE-2026-37980
7
reference_url https://github.com/advisories/GHSA-m32f-8vh9-2hh3
reference_id GHSA-m32f-8vh9-2hh3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m32f-8vh9-2hh3
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455325
reference_id show_bug.cgi?id=2455325
reference_type
scores
0
value 6.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:42:46Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2455325
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.6
purl pkg:maven/org.keycloak/keycloak-services@26.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-8fsf-kear-tyb2
2
vulnerability VCID-a6bx-hkuu-zkg4
3
vulnerability VCID-czza-hz45-5ka6
4
vulnerability VCID-epvz-duxp-tyf7
5
vulnerability VCID-mdys-vw33-uqa1
6
vulnerability VCID-thtq-yz7t-7kea
7
vulnerability VCID-tjyr-75f3-d7ff
8
vulnerability VCID-uuxm-2f48-3qa5
9
vulnerability VCID-vcjc-hgjb-dqhs
10
vulnerability VCID-wsdh-ap2m-5uat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6
aliases CVE-2026-37980, GHSA-m32f-8vh9-2hh3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5cfv-kzxe-3qg4
6
url VCID-5gut-s9z6-u3gs
vulnerability_id VCID-5gut-s9z6-u3gs
summary A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. This allows the attacker to inject an encrypted assertion for an arbitrary principal, leading to unauthorized access and potential information disclosure.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2092.json
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2092.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2092
reference_id
reference_type
scores
0
value 0.00105
scoring_system epss
scoring_elements 0.28328
published_at 2026-06-14T12:55:00Z
1
value 0.00105
scoring_system epss
scoring_elements 0.28116
published_at 2026-06-11T12:55:00Z
2
value 0.00105
scoring_system epss
scoring_elements 0.28312
published_at 2026-06-12T12:55:00Z
3
value 0.00105
scoring_system epss
scoring_elements 0.28337
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2092
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/b40a25908d937bb0563ea516487bc2c7c1d92508
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2092
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2092
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
7
reference_url https://access.redhat.com/security/cve/CVE-2026-2092
reference_id CVE-2026-2092
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/security/cve/CVE-2026-2092
8
reference_url https://github.com/advisories/GHSA-wmxr-6j5f-838p
reference_id GHSA-wmxr-6j5f-838p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wmxr-6j5f-838p
9
reference_url https://access.redhat.com/errata/RHSA-2026:3925
reference_id RHSA-2026:3925
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/errata/RHSA-2026:3925
10
reference_url https://access.redhat.com/errata/RHSA-2026:3926
reference_id RHSA-2026:3926
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/errata/RHSA-2026:3926
11
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id RHSA-2026:3947
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/errata/RHSA-2026:3947
12
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id RHSA-2026:3948
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://access.redhat.com/errata/RHSA-2026:3948
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2437296
reference_id show_bug.cgi?id=2437296
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-18T14:10:59Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2437296
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.14
purl pkg:maven/org.keycloak/keycloak-services@26.2.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.14
1
url pkg:maven/org.keycloak/keycloak-services@26.4.10
purl pkg:maven/org.keycloak/keycloak-services@26.4.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.10
2
url pkg:maven/org.keycloak/keycloak-services@26.5.5
purl pkg:maven/org.keycloak/keycloak-services@26.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4uf3-t2q9-5fcp
1
vulnerability VCID-5cfv-kzxe-3qg4
2
vulnerability VCID-82aq-wymj-ekby
3
vulnerability VCID-8fsf-kear-tyb2
4
vulnerability VCID-a6bx-hkuu-zkg4
5
vulnerability VCID-czza-hz45-5ka6
6
vulnerability VCID-ecc8-b6za-vqds
7
vulnerability VCID-epvz-duxp-tyf7
8
vulnerability VCID-put6-zqp1-dkhj
9
vulnerability VCID-thtq-yz7t-7kea
10
vulnerability VCID-tjyr-75f3-d7ff
11
vulnerability VCID-uuxm-2f48-3qa5
12
vulnerability VCID-vcjc-hgjb-dqhs
13
vulnerability VCID-wsdh-ap2m-5uat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5
aliases CVE-2026-2092, GHSA-wmxr-6j5f-838p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5gut-s9z6-u3gs
7
url VCID-6fwf-utem-8bgx
vulnerability_id VCID-6fwf-utem-8bgx
summary A flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is still accepted, and new tokens can continue to be requested for the session. This can lead to a situation where an administrator removes the scope and assumes that offline sessions are no longer available, when they still are.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12110.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12110.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-12110
reference_id
reference_type
scores
0
value 0.00061
scoring_system epss
scoring_elements 0.19448
published_at 2026-06-14T12:55:00Z
1
value 0.00061
scoring_system epss
scoring_elements 0.19282
published_at 2026-06-11T12:55:00Z
2
value 0.00061
scoring_system epss
scoring_elements 0.19452
published_at 2026-06-12T12:55:00Z
3
value 0.00061
scoring_system epss
scoring_elements 0.19472
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-12110
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/54e1c8af1e089ad33d32e0f2792610e4b8df421b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/54e1c8af1e089ad33d32e0f2792610e4b8df421b
4
reference_url https://github.com/keycloak/keycloak/commit/c830a27928cac4294619af7d147bdff34d4a85e7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/c830a27928cac4294619af7d147bdff34d4a85e7
5
reference_url https://github.com/keycloak/keycloak/pull/43790
reference_id 43790
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/
url https://github.com/keycloak/keycloak/pull/43790
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
8
reference_url https://access.redhat.com/security/cve/CVE-2025-12110
reference_id CVE-2025-12110
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/
url https://access.redhat.com/security/cve/CVE-2025-12110
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-12110
reference_id CVE-2025-12110
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-12110
10
reference_url https://github.com/advisories/GHSA-895x-rfqp-jh5c
reference_id GHSA-895x-rfqp-jh5c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-895x-rfqp-jh5c
11
reference_url https://access.redhat.com/errata/RHSA-2025:21370
reference_id RHSA-2025:21370
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/
url https://access.redhat.com/errata/RHSA-2025:21370
12
reference_url https://access.redhat.com/errata/RHSA-2025:21371
reference_id RHSA-2025:21371
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/
url https://access.redhat.com/errata/RHSA-2025:21371
13
reference_url https://access.redhat.com/errata/RHSA-2025:22088
reference_id RHSA-2025:22088
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/
url https://access.redhat.com/errata/RHSA-2025:22088
14
reference_url https://access.redhat.com/errata/RHSA-2025:22089
reference_id RHSA-2025:22089
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/
url https://access.redhat.com/errata/RHSA-2025:22089
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2406033
reference_id show_bug.cgi?id=2406033
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-23T14:27:24Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2406033
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.3
purl pkg:maven/org.keycloak/keycloak-services@26.2.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-4b67-9tus-s7ds
2
vulnerability VCID-4uf3-t2q9-5fcp
3
vulnerability VCID-4y2p-6e9v-ufh7
4
vulnerability VCID-5cfv-kzxe-3qg4
5
vulnerability VCID-5gut-s9z6-u3gs
6
vulnerability VCID-82aq-wymj-ekby
7
vulnerability VCID-85r1-z7c6-6bcb
8
vulnerability VCID-8baa-m4rc-aqh5
9
vulnerability VCID-8fsf-kear-tyb2
10
vulnerability VCID-a6bx-hkuu-zkg4
11
vulnerability VCID-b7ak-4hjc-xuhh
12
vulnerability VCID-czza-hz45-5ka6
13
vulnerability VCID-ecc8-b6za-vqds
14
vulnerability VCID-epvz-duxp-tyf7
15
vulnerability VCID-f2m5-cwr1-ryc1
16
vulnerability VCID-feud-rr2t-tyfx
17
vulnerability VCID-mhqj-fy58-6fd6
18
vulnerability VCID-put6-zqp1-dkhj
19
vulnerability VCID-sa2j-p1w2-ebgj
20
vulnerability VCID-shne-12fw-xfbw
21
vulnerability VCID-thtq-yz7t-7kea
22
vulnerability VCID-tjyr-75f3-d7ff
23
vulnerability VCID-u1aa-s9ru-w3gf
24
vulnerability VCID-uuxm-2f48-3qa5
25
vulnerability VCID-vcjc-hgjb-dqhs
26
vulnerability VCID-vrhh-6fx6-zqbw
27
vulnerability VCID-wsdh-ap2m-5uat
28
vulnerability VCID-wwh9-7awg-h7g6
29
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.3
aliases CVE-2025-12110, GHSA-895x-rfqp-jh5c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6fwf-utem-8bgx
8
url VCID-82aq-wymj-ekby
vulnerability_id VCID-82aq-wymj-ekby
summary A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This occurs when a Keycloak client is configured to use the `backchannel.logout.url` with the `application.session.host` placeholder. Successful exploitation allows the attacker to make HTTP requests from the Keycloak server’s network context, potentially probing internal networks or internal APIs, leading to information disclosure.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4874.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4874.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4874
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01913
published_at 2026-06-14T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.019
published_at 2026-06-11T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01902
published_at 2026-06-12T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01904
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4874
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4874
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4874
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9
reference_id cpe:/a:redhat:build_keycloak:26.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
9
reference_url https://access.redhat.com/security/cve/CVE-2026-4874
reference_id CVE-2026-4874
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/
url https://access.redhat.com/security/cve/CVE-2026-4874
10
reference_url https://github.com/advisories/GHSA-22rm-wp4x-v5cx
reference_id GHSA-22rm-wp4x-v5cx
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-22rm-wp4x-v5cx
11
reference_url https://access.redhat.com/errata/RHSA-2026:25097
reference_id RHSA-2026:25097
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/
url https://access.redhat.com/errata/RHSA-2026:25097
12
reference_url https://access.redhat.com/errata/RHSA-2026:25098
reference_id RHSA-2026:25098
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/
url https://access.redhat.com/errata/RHSA-2026:25098
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2451611
reference_id show_bug.cgi?id=2451611
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-26T13:53:59Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2451611
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.6.1
purl pkg:maven/org.keycloak/keycloak-services@26.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a6bx-hkuu-zkg4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.1
aliases CVE-2026-4874, GHSA-22rm-wp4x-v5cx
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-82aq-wymj-ekby
9
url VCID-85r1-z7c6-6bcb
vulnerability_id VCID-85r1-z7c6-6bcb
summary A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim's account.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7365.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-7365
reference_id
reference_type
scores
0
value 0.00043
scoring_system epss
scoring_elements 0.13787
published_at 2026-06-12T12:55:00Z
1
value 0.00043
scoring_system epss
scoring_elements 0.13786
published_at 2026-06-13T12:55:00Z
2
value 0.00043
scoring_system epss
scoring_elements 0.13756
published_at 2026-06-14T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.1367
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-7365
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/releases/tag/26.0.13
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.0.13
4
reference_url https://github.com/keycloak/keycloak/releases/tag/26.2.6
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.2.6
5
reference_url https://github.com/keycloak/keycloak/releases/tag/26.3.0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.3.0
6
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-xhpr-465j-7p9q
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-7365
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-7365
8
reference_url https://github.com/keycloak/keycloak/issues/40446
reference_id 40446
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://github.com/keycloak/keycloak/issues/40446
9
reference_url https://github.com/keycloak/keycloak/pull/40520
reference_id 40520
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://github.com/keycloak/keycloak/pull/40520
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
reference_id cpe:/a:redhat:build_keycloak:26.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
12
reference_url https://access.redhat.com/security/cve/CVE-2025-7365
reference_id CVE-2025-7365
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://access.redhat.com/security/cve/CVE-2025-7365
13
reference_url https://github.com/advisories/GHSA-xhpr-465j-7p9q
reference_id GHSA-xhpr-465j-7p9q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xhpr-465j-7p9q
14
reference_url https://access.redhat.com/errata/RHSA-2025:11986
reference_id RHSA-2025:11986
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://access.redhat.com/errata/RHSA-2025:11986
15
reference_url https://access.redhat.com/errata/RHSA-2025:11987
reference_id RHSA-2025:11987
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://access.redhat.com/errata/RHSA-2025:11987
16
reference_url https://access.redhat.com/errata/RHSA-2025:12015
reference_id RHSA-2025:12015
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://access.redhat.com/errata/RHSA-2025:12015
17
reference_url https://access.redhat.com/errata/RHSA-2025:12016
reference_id RHSA-2025:12016
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://access.redhat.com/errata/RHSA-2025:12016
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2378852
reference_id show_bug.cgi?id=2378852
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-10T20:16:26Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2378852
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.6
purl pkg:maven/org.keycloak/keycloak-services@26.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.6
1
url pkg:maven/org.keycloak/keycloak-services@26.3.0
purl pkg:maven/org.keycloak/keycloak-services@26.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-4b67-9tus-s7ds
2
vulnerability VCID-4uf3-t2q9-5fcp
3
vulnerability VCID-4y2p-6e9v-ufh7
4
vulnerability VCID-5cfv-kzxe-3qg4
5
vulnerability VCID-5gut-s9z6-u3gs
6
vulnerability VCID-82aq-wymj-ekby
7
vulnerability VCID-8fsf-kear-tyb2
8
vulnerability VCID-8txb-4xw8-aydm
9
vulnerability VCID-a6bx-hkuu-zkg4
10
vulnerability VCID-czza-hz45-5ka6
11
vulnerability VCID-ec5w-983u-tbbz
12
vulnerability VCID-ecc8-b6za-vqds
13
vulnerability VCID-epvz-duxp-tyf7
14
vulnerability VCID-f2m5-cwr1-ryc1
15
vulnerability VCID-hdz7-3722-xfe6
16
vulnerability VCID-mhqj-fy58-6fd6
17
vulnerability VCID-put6-zqp1-dkhj
18
vulnerability VCID-shne-12fw-xfbw
19
vulnerability VCID-thtq-yz7t-7kea
20
vulnerability VCID-tjyr-75f3-d7ff
21
vulnerability VCID-u1aa-s9ru-w3gf
22
vulnerability VCID-uuxm-2f48-3qa5
23
vulnerability VCID-vcjc-hgjb-dqhs
24
vulnerability VCID-vrhh-6fx6-zqbw
25
vulnerability VCID-wsdh-ap2m-5uat
26
vulnerability VCID-wwh9-7awg-h7g6
27
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0
aliases CVE-2025-7365, GHSA-xhpr-465j-7p9q
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-85r1-z7c6-6bcb
10
url VCID-8baa-m4rc-aqh5
vulnerability_id VCID-8baa-m4rc-aqh5
summary
Duplicate Advisory: Keycloak phishing attack via email verification step in first login flow
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-xhpr-465j-7p9q. This link is maintained to preserve external references.

### Original Description
A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email address to match that of a victim's account, triggering a verification email sent to the victim's email address. The attacker's email address is not present in the verification email content, making it a potential phishing opportunity. If the victim clicks the verification link, the attacker can gain access to the victim's account.
references
0
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
1
reference_url https://github.com/keycloak/keycloak/releases/tag/26.3.0
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/releases/tag/26.3.0
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-7365
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-7365
3
reference_url https://access.redhat.com/security/cve/CVE-2025-7365
reference_id CVE-2025-7365
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-7365
4
reference_url https://github.com/advisories/GHSA-gj52-35xm-gxjh
reference_id GHSA-gj52-35xm-gxjh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gj52-35xm-gxjh
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.0
purl pkg:maven/org.keycloak/keycloak-services@26.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-4b67-9tus-s7ds
2
vulnerability VCID-4uf3-t2q9-5fcp
3
vulnerability VCID-4y2p-6e9v-ufh7
4
vulnerability VCID-5cfv-kzxe-3qg4
5
vulnerability VCID-5gut-s9z6-u3gs
6
vulnerability VCID-82aq-wymj-ekby
7
vulnerability VCID-8fsf-kear-tyb2
8
vulnerability VCID-8txb-4xw8-aydm
9
vulnerability VCID-a6bx-hkuu-zkg4
10
vulnerability VCID-czza-hz45-5ka6
11
vulnerability VCID-ec5w-983u-tbbz
12
vulnerability VCID-ecc8-b6za-vqds
13
vulnerability VCID-epvz-duxp-tyf7
14
vulnerability VCID-f2m5-cwr1-ryc1
15
vulnerability VCID-hdz7-3722-xfe6
16
vulnerability VCID-mhqj-fy58-6fd6
17
vulnerability VCID-put6-zqp1-dkhj
18
vulnerability VCID-shne-12fw-xfbw
19
vulnerability VCID-thtq-yz7t-7kea
20
vulnerability VCID-tjyr-75f3-d7ff
21
vulnerability VCID-u1aa-s9ru-w3gf
22
vulnerability VCID-uuxm-2f48-3qa5
23
vulnerability VCID-vcjc-hgjb-dqhs
24
vulnerability VCID-vrhh-6fx6-zqbw
25
vulnerability VCID-wsdh-ap2m-5uat
26
vulnerability VCID-wwh9-7awg-h7g6
27
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0
aliases GHSA-gj52-35xm-gxjh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8baa-m4rc-aqh5
11
url VCID-8fsf-kear-tyb2
vulnerability_id VCID-8fsf-kear-tyb2
summary A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak's User-Managed Access (UMA) token endpoint. This flaw occurs because the `azp` claim from a client-supplied JSON Web Token (JWT) is used to set the `Access-Control-Allow-Origin` header before the JWT signature is validated. When a specially crafted JWT with an attacker-controlled `azp` value is processed, this value is reflected as the CORS origin, even if the grant is later rejected. This can lead to the exposure of low-sensitivity information from authorization server error responses, weakening origin isolation, but only when a target client is misconfigured with `webOrigins: ["*"]`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37977.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37977.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-37977
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01311
published_at 2026-06-14T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01213
published_at 2026-06-11T12:55:00Z
2
value 0.0001
scoring_system epss
scoring_elements 0.01211
published_at 2026-06-12T12:55:00Z
3
value 0.0001
scoring_system epss
scoring_elements 0.01306
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-37977
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-37977
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-37977
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9
reference_id cpe:/a:redhat:build_keycloak:26.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9
5
reference_url https://access.redhat.com/security/cve/CVE-2026-37977
reference_id CVE-2026-37977
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/
url https://access.redhat.com/security/cve/CVE-2026-37977
6
reference_url https://github.com/advisories/GHSA-5v8v-xvjv-57x7
reference_id GHSA-5v8v-xvjv-57x7
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5v8v-xvjv-57x7
7
reference_url https://access.redhat.com/errata/RHSA-2026:25097
reference_id RHSA-2026:25097
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/
url https://access.redhat.com/errata/RHSA-2026:25097
8
reference_url https://access.redhat.com/errata/RHSA-2026:25098
reference_id RHSA-2026:25098
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/
url https://access.redhat.com/errata/RHSA-2026:25098
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455324
reference_id show_bug.cgi?id=2455324
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T11:55:21Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2455324
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.6.0
purl pkg:maven/org.keycloak/keycloak-services@26.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-a6bx-hkuu-zkg4
2
vulnerability VCID-uuxm-2f48-3qa5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.0
aliases CVE-2026-37977, GHSA-5v8v-xvjv-57x7
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8fsf-kear-tyb2
12
url VCID-a6bx-hkuu-zkg4
vulnerability_id VCID-a6bx-hkuu-zkg4
summary When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is only partially disabled. Five endpoints under the versioned path `/account/v1alpha1` remain fully functional — including both read and write operations — because they lack the `checkAccountApiEnabled()` gate that correctly blocks four other endpoints in the same REST service class. The user needs to have permissions to use the API.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7500.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7500.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-7500
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08726
published_at 2026-06-14T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08686
published_at 2026-06-11T12:55:00Z
2
value 0.00029
scoring_system epss
scoring_elements 0.0873
published_at 2026-06-12T12:55:00Z
3
value 0.00029
scoring_system epss
scoring_elements 0.08734
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-7500
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/issues/48709
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/48709
4
reference_url https://github.com/keycloak/keycloak/pull/48715
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/48715
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-7500
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-7500
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9
reference_id cpe:/a:redhat:build_keycloak:26.6::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.6::el9
7
reference_url https://access.redhat.com/security/cve/CVE-2026-7500
reference_id CVE-2026-7500
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/
url https://access.redhat.com/security/cve/CVE-2026-7500
8
reference_url https://github.com/advisories/GHSA-hm32-hfmw-rhvg
reference_id GHSA-hm32-hfmw-rhvg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hm32-hfmw-rhvg
9
reference_url https://access.redhat.com/errata/RHSA-2026:25097
reference_id RHSA-2026:25097
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/
url https://access.redhat.com/errata/RHSA-2026:25097
10
reference_url https://access.redhat.com/errata/RHSA-2026:25098
reference_id RHSA-2026:25098
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/
url https://access.redhat.com/errata/RHSA-2026:25098
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2464126
reference_id show_bug.cgi?id=2464126
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-30T15:02:40Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2464126
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.6.2
purl pkg:maven/org.keycloak/keycloak-services@26.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-99gq-5t6k-7yf5
1
vulnerability VCID-e94v-acqx-1bcp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.2
aliases CVE-2026-7500, GHSA-hm32-hfmw-rhvg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a6bx-hkuu-zkg4
13
url VCID-b7ak-4hjc-xuhh
vulnerability_id VCID-b7ak-4hjc-xuhh
summary A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14083.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14083
reference_id
reference_type
scores
0
value 9e-05
scoring_system epss
scoring_elements 0.01034
published_at 2026-06-14T12:55:00Z
1
value 9e-05
scoring_system epss
scoring_elements 0.01027
published_at 2026-06-11T12:55:00Z
2
value 9e-05
scoring_system epss
scoring_elements 0.01025
published_at 2026-06-12T12:55:00Z
3
value 9e-05
scoring_system epss
scoring_elements 0.01031
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14083
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/issues/45493
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/45493
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
5
reference_url https://access.redhat.com/security/cve/CVE-2025-14083
reference_id CVE-2025-14083
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/
url https://access.redhat.com/security/cve/CVE-2025-14083
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14083
reference_id CVE-2025-14083
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-14083
7
reference_url https://github.com/advisories/GHSA-594w-2fwp-jwrc
reference_id GHSA-594w-2fwp-jwrc
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-594w-2fwp-jwrc
8
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/
url https://access.redhat.com/errata/RHSA-2026:6477
9
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/
url https://access.redhat.com/errata/RHSA-2026:6478
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2419086
reference_id show_bug.cgi?id=2419086
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:22:19Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2419086
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.0
purl pkg:maven/org.keycloak/keycloak-services@26.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-4b67-9tus-s7ds
2
vulnerability VCID-4uf3-t2q9-5fcp
3
vulnerability VCID-4y2p-6e9v-ufh7
4
vulnerability VCID-5cfv-kzxe-3qg4
5
vulnerability VCID-5gut-s9z6-u3gs
6
vulnerability VCID-82aq-wymj-ekby
7
vulnerability VCID-8fsf-kear-tyb2
8
vulnerability VCID-8txb-4xw8-aydm
9
vulnerability VCID-a6bx-hkuu-zkg4
10
vulnerability VCID-czza-hz45-5ka6
11
vulnerability VCID-ec5w-983u-tbbz
12
vulnerability VCID-ecc8-b6za-vqds
13
vulnerability VCID-epvz-duxp-tyf7
14
vulnerability VCID-f2m5-cwr1-ryc1
15
vulnerability VCID-hdz7-3722-xfe6
16
vulnerability VCID-mhqj-fy58-6fd6
17
vulnerability VCID-put6-zqp1-dkhj
18
vulnerability VCID-shne-12fw-xfbw
19
vulnerability VCID-thtq-yz7t-7kea
20
vulnerability VCID-tjyr-75f3-d7ff
21
vulnerability VCID-u1aa-s9ru-w3gf
22
vulnerability VCID-uuxm-2f48-3qa5
23
vulnerability VCID-vcjc-hgjb-dqhs
24
vulnerability VCID-vrhh-6fx6-zqbw
25
vulnerability VCID-wsdh-ap2m-5uat
26
vulnerability VCID-wwh9-7awg-h7g6
27
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0
aliases CVE-2025-14083, GHSA-594w-2fwp-jwrc
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7ak-4hjc-xuhh
14
url VCID-czza-hz45-5ka6
vulnerability_id VCID-czza-hz45-5ka6
summary A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned resource. Consequently, the attacker gains unauthorized permissions to victim-owned resources, enabling them to obtain a Requesting Party Token (RPT) and access sensitive information or perform unauthorized actions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4636.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4636.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4636
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03198
published_at 2026-06-14T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.0319
published_at 2026-06-11T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03203
published_at 2026-06-12T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03186
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4636
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/995832f8b74b02833d106c8788bb7a78634aa725
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/995832f8b74b02833d106c8788bb7a78634aa725
4
reference_url https://github.com/keycloak/keycloak/issues/47717
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47717
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4636
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4636
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
8
reference_url https://access.redhat.com/security/cve/CVE-2026-4636
reference_id CVE-2026-4636
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/
url https://access.redhat.com/security/cve/CVE-2026-4636
9
reference_url https://github.com/advisories/GHSA-f2hx-5fx3-hmcv
reference_id GHSA-f2hx-5fx3-hmcv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f2hx-5fx3-hmcv
10
reference_url https://access.redhat.com/errata/RHSA-2026:6475
reference_id RHSA-2026:6475
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/
url https://access.redhat.com/errata/RHSA-2026:6475
11
reference_url https://access.redhat.com/errata/RHSA-2026:6476
reference_id RHSA-2026:6476
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/
url https://access.redhat.com/errata/RHSA-2026:6476
12
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/
url https://access.redhat.com/errata/RHSA-2026:6477
13
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/
url https://access.redhat.com/errata/RHSA-2026:6478
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450251
reference_id show_bug.cgi?id=2450251
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:13:39Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2450251
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-8fsf-kear-tyb2
2
vulnerability VCID-a6bx-hkuu-zkg4
3
vulnerability VCID-uuxm-2f48-3qa5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-4636, GHSA-f2hx-5fx3-hmcv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-czza-hz45-5ka6
15
url VCID-ecc8-b6za-vqds
vulnerability_id VCID-ecc8-b6za-vqds
summary A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partially leads to information disclosure.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3190.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3190
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02127
published_at 2026-06-14T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02118
published_at 2026-06-13T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02122
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3190
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/f1baf25cbb1551202570f954102eb2d270ab0694
4
reference_url https://github.com/keycloak/keycloak/issues/46723
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46723
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3190
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3190
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
7
reference_url https://access.redhat.com/security/cve/CVE-2026-3190
reference_id CVE-2026-3190
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/
url https://access.redhat.com/security/cve/CVE-2026-3190
8
reference_url https://github.com/advisories/GHSA-q35r-vvhv-vx5h
reference_id GHSA-q35r-vvhv-vx5h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q35r-vvhv-vx5h
9
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6477
10
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6478
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442572
reference_id show_bug.cgi?id=2442572
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:46:23Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2442572
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.6
purl pkg:maven/org.keycloak/keycloak-services@26.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-8fsf-kear-tyb2
2
vulnerability VCID-a6bx-hkuu-zkg4
3
vulnerability VCID-czza-hz45-5ka6
4
vulnerability VCID-epvz-duxp-tyf7
5
vulnerability VCID-mdys-vw33-uqa1
6
vulnerability VCID-thtq-yz7t-7kea
7
vulnerability VCID-tjyr-75f3-d7ff
8
vulnerability VCID-uuxm-2f48-3qa5
9
vulnerability VCID-vcjc-hgjb-dqhs
10
vulnerability VCID-wsdh-ap2m-5uat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6
aliases CVE-2026-3190, GHSA-q35r-vvhv-vx5h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ecc8-b6za-vqds
16
url VCID-epvz-duxp-tyf7
vulnerability_id VCID-epvz-duxp-tyf7
summary A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information disclosure.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3872.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3872.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3872
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.0252
published_at 2026-06-13T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02527
published_at 2026-06-11T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.0253
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3872
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/35a71b00bc856ac402711130f60190d3a24795e7
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/35a71b00bc856ac402711130f60190d3a24795e7
4
reference_url https://github.com/keycloak/keycloak/issues/47718
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47718
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3872
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3872
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
8
reference_url https://access.redhat.com/security/cve/CVE-2026-3872
reference_id CVE-2026-3872
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://access.redhat.com/security/cve/CVE-2026-3872
9
reference_url https://github.com/advisories/GHSA-cjm2-j6cm-6p6m
reference_id GHSA-cjm2-j6cm-6p6m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cjm2-j6cm-6p6m
10
reference_url https://access.redhat.com/errata/RHSA-2026:6475
reference_id RHSA-2026:6475
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://access.redhat.com/errata/RHSA-2026:6475
11
reference_url https://access.redhat.com/errata/RHSA-2026:6476
reference_id RHSA-2026:6476
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://access.redhat.com/errata/RHSA-2026:6476
12
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://access.redhat.com/errata/RHSA-2026:6477
13
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://access.redhat.com/errata/RHSA-2026:6478
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445988
reference_id show_bug.cgi?id=2445988
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2445988
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-8fsf-kear-tyb2
2
vulnerability VCID-a6bx-hkuu-zkg4
3
vulnerability VCID-uuxm-2f48-3qa5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-3872, GHSA-cjm2-j6cm-6p6m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-epvz-duxp-tyf7
17
url VCID-f2m5-cwr1-ryc1
vulnerability_id VCID-f2m5-cwr1-ryc1
summary
Duplicate Advisory: Keycloak-services SMTP Inject Vulnerability
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references.

### Original Description
A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very short emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.
references
0
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-8419
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-8419
2
reference_url https://access.redhat.com/security/cve/CVE-2025-8419
reference_id CVE-2025-8419
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-8419
3
reference_url https://github.com/advisories/GHSA-qj5r-2r5p-phc7
reference_id GHSA-qj5r-2r5p-phc7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qj5r-2r5p-phc7
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.3
purl pkg:maven/org.keycloak/keycloak-services@26.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b67-9tus-s7ds
1
vulnerability VCID-4uf3-t2q9-5fcp
2
vulnerability VCID-4y2p-6e9v-ufh7
3
vulnerability VCID-5cfv-kzxe-3qg4
4
vulnerability VCID-5gut-s9z6-u3gs
5
vulnerability VCID-82aq-wymj-ekby
6
vulnerability VCID-8fsf-kear-tyb2
7
vulnerability VCID-a6bx-hkuu-zkg4
8
vulnerability VCID-czza-hz45-5ka6
9
vulnerability VCID-ecc8-b6za-vqds
10
vulnerability VCID-epvz-duxp-tyf7
11
vulnerability VCID-mhqj-fy58-6fd6
12
vulnerability VCID-put6-zqp1-dkhj
13
vulnerability VCID-shne-12fw-xfbw
14
vulnerability VCID-thtq-yz7t-7kea
15
vulnerability VCID-tjyr-75f3-d7ff
16
vulnerability VCID-uuxm-2f48-3qa5
17
vulnerability VCID-vcjc-hgjb-dqhs
18
vulnerability VCID-vrhh-6fx6-zqbw
19
vulnerability VCID-wsdh-ap2m-5uat
20
vulnerability VCID-wwh9-7awg-h7g6
21
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.3
aliases GHSA-qj5r-2r5p-phc7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f2m5-cwr1-ryc1
18
url VCID-feud-rr2t-tyfx
vulnerability_id VCID-feud-rr2t-tyfx
summary A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refresh token usage are not performed atomically. This allows concurrent refresh requests to bypass single-use enforcement and issue multiple access tokens from the same refresh token. As a result, Keycloak’s refresh token rotation hardening can be undermined.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1035.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1035
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01699
published_at 2026-06-14T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01686
published_at 2026-06-11T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01689
published_at 2026-06-12T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01692
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1035
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/issues/45647
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/45647
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
8
reference_url https://access.redhat.com/security/cve/CVE-2026-1035
reference_id CVE-2026-1035
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/
url https://access.redhat.com/security/cve/CVE-2026-1035
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1035
reference_id CVE-2026-1035
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1035
10
reference_url https://github.com/advisories/GHSA-m2w5-7xhv-w6fh
reference_id GHSA-m2w5-7xhv-w6fh
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m2w5-7xhv-w6fh
11
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/
url https://access.redhat.com/errata/RHSA-2026:6477
12
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/
url https://access.redhat.com/errata/RHSA-2026:6478
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2430314
reference_id show_bug.cgi?id=2430314
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-21T14:37:07Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2430314
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.0
purl pkg:maven/org.keycloak/keycloak-services@26.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-4b67-9tus-s7ds
2
vulnerability VCID-4uf3-t2q9-5fcp
3
vulnerability VCID-4y2p-6e9v-ufh7
4
vulnerability VCID-5cfv-kzxe-3qg4
5
vulnerability VCID-5gut-s9z6-u3gs
6
vulnerability VCID-82aq-wymj-ekby
7
vulnerability VCID-8fsf-kear-tyb2
8
vulnerability VCID-8txb-4xw8-aydm
9
vulnerability VCID-a6bx-hkuu-zkg4
10
vulnerability VCID-czza-hz45-5ka6
11
vulnerability VCID-ec5w-983u-tbbz
12
vulnerability VCID-ecc8-b6za-vqds
13
vulnerability VCID-epvz-duxp-tyf7
14
vulnerability VCID-f2m5-cwr1-ryc1
15
vulnerability VCID-hdz7-3722-xfe6
16
vulnerability VCID-mhqj-fy58-6fd6
17
vulnerability VCID-put6-zqp1-dkhj
18
vulnerability VCID-shne-12fw-xfbw
19
vulnerability VCID-thtq-yz7t-7kea
20
vulnerability VCID-tjyr-75f3-d7ff
21
vulnerability VCID-u1aa-s9ru-w3gf
22
vulnerability VCID-uuxm-2f48-3qa5
23
vulnerability VCID-vcjc-hgjb-dqhs
24
vulnerability VCID-vrhh-6fx6-zqbw
25
vulnerability VCID-wsdh-ap2m-5uat
26
vulnerability VCID-wwh9-7awg-h7g6
27
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0
aliases CVE-2026-1035, GHSA-m2w5-7xhv-w6fh
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-feud-rr2t-tyfx
19
url VCID-mhqj-fy58-6fd6
vulnerability_id VCID-mhqj-fy58-6fd6
summary A flaw was found in Keycloak’s WebAuthn registration component. This vulnerability allows an attacker to bypass the configured attestation policy and register untrusted or forged authenticators via submission of an attestation object with fmt: "none", even when the realm is configured to require direct attestation. This can lead to weakened authentication integrity and unauthorized authenticator registration.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-12150.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-12150
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02594
published_at 2026-06-14T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.0259
published_at 2026-06-11T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02592
published_at 2026-06-12T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.02584
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-12150
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/4136a677e7e24f6685ed25567e191e1003200339
4
reference_url https://github.com/keycloak/keycloak/issues/35110
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/35110
5
reference_url https://github.com/keycloak/keycloak/issues/43723
reference_id 43723
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://github.com/keycloak/keycloak/issues/43723
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
8
reference_url https://access.redhat.com/security/cve/CVE-2025-12150
reference_id CVE-2025-12150
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/security/cve/CVE-2025-12150
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-12150
reference_id CVE-2025-12150
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-12150
10
reference_url https://github.com/advisories/GHSA-7g5x-9c4v-4w5r
reference_id GHSA-7g5x-9c4v-4w5r
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7g5x-9c4v-4w5r
11
reference_url https://access.redhat.com/errata/RHSA-2025:21370
reference_id RHSA-2025:21370
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/errata/RHSA-2025:21370
12
reference_url https://access.redhat.com/errata/RHSA-2025:21371
reference_id RHSA-2025:21371
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/errata/RHSA-2025:21371
13
reference_url https://access.redhat.com/errata/RHSA-2025:22088
reference_id RHSA-2025:22088
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/errata/RHSA-2025:22088
14
reference_url https://access.redhat.com/errata/RHSA-2025:22089
reference_id RHSA-2025:22089
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://access.redhat.com/errata/RHSA-2025:22089
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2406192
reference_id show_bug.cgi?id=2406192
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T16:45:45Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2406192
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.4.4
purl pkg:maven/org.keycloak/keycloak-services@26.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b67-9tus-s7ds
1
vulnerability VCID-4uf3-t2q9-5fcp
2
vulnerability VCID-4y2p-6e9v-ufh7
3
vulnerability VCID-5cfv-kzxe-3qg4
4
vulnerability VCID-5gut-s9z6-u3gs
5
vulnerability VCID-82aq-wymj-ekby
6
vulnerability VCID-8fsf-kear-tyb2
7
vulnerability VCID-a6bx-hkuu-zkg4
8
vulnerability VCID-czza-hz45-5ka6
9
vulnerability VCID-ecc8-b6za-vqds
10
vulnerability VCID-epvz-duxp-tyf7
11
vulnerability VCID-put6-zqp1-dkhj
12
vulnerability VCID-shne-12fw-xfbw
13
vulnerability VCID-thtq-yz7t-7kea
14
vulnerability VCID-tjyr-75f3-d7ff
15
vulnerability VCID-uuxm-2f48-3qa5
16
vulnerability VCID-vcjc-hgjb-dqhs
17
vulnerability VCID-vrhh-6fx6-zqbw
18
vulnerability VCID-wsdh-ap2m-5uat
19
vulnerability VCID-wwh9-7awg-h7g6
20
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.4.4
aliases CVE-2025-12150, GHSA-7g5x-9c4v-4w5r
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mhqj-fy58-6fd6
20
url VCID-put6-zqp1-dkhj
vulnerability_id VCID-put6-zqp1-dkhj
summary A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3911
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.0202
published_at 2026-06-14T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02012
published_at 2026-06-13T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02008
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3911
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/215bc1e27230f2a66670ed70262248b5f5254eb9
4
reference_url https://github.com/keycloak/keycloak/issues/46922
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46922
5
reference_url https://github.com/keycloak/keycloak/pull/46923
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/46923
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
7
reference_url https://access.redhat.com/security/cve/CVE-2026-3911
reference_id CVE-2026-3911
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/
url https://access.redhat.com/security/cve/CVE-2026-3911
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3911
reference_id CVE-2026-3911
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3911
9
reference_url https://github.com/advisories/GHSA-xh32-c9wx-phrp
reference_id GHSA-xh32-c9wx-phrp
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xh32-c9wx-phrp
10
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6477
11
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6478
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2446392
reference_id show_bug.cgi?id=2446392
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:03:16Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2446392
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.6
purl pkg:maven/org.keycloak/keycloak-services@26.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-8fsf-kear-tyb2
2
vulnerability VCID-a6bx-hkuu-zkg4
3
vulnerability VCID-czza-hz45-5ka6
4
vulnerability VCID-epvz-duxp-tyf7
5
vulnerability VCID-mdys-vw33-uqa1
6
vulnerability VCID-thtq-yz7t-7kea
7
vulnerability VCID-tjyr-75f3-d7ff
8
vulnerability VCID-uuxm-2f48-3qa5
9
vulnerability VCID-vcjc-hgjb-dqhs
10
vulnerability VCID-wsdh-ap2m-5uat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.6
aliases CVE-2026-3911, GHSA-xh32-c9wx-phrp
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-put6-zqp1-dkhj
21
url VCID-sa2j-p1w2-ebgj
vulnerability_id VCID-sa2j-p1w2-ebgj
summary A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7784.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-7784.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-7784
reference_id
reference_type
scores
0
value 0.0009
scoring_system epss
scoring_elements 0.25646
published_at 2026-06-14T12:55:00Z
1
value 0.0009
scoring_system epss
scoring_elements 0.25444
published_at 2026-06-11T12:55:00Z
2
value 0.0009
scoring_system epss
scoring_elements 0.25643
published_at 2026-06-12T12:55:00Z
3
value 0.0009
scoring_system epss
scoring_elements 0.25662
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-7784
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/issues/41137
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/41137
4
reference_url https://github.com/keycloak/keycloak/pull/41168
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/41168
5
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-27gp-8389-hm4w
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-27gp-8389-hm4w
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-7784
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-7784
7
reference_url https://github.com/keycloak/keycloak/issues/39956
reference_id 39956
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-18T14:46:09Z/
url https://github.com/keycloak/keycloak/issues/39956
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
12
reference_url https://access.redhat.com/security/cve/CVE-2025-7784
reference_id CVE-2025-7784
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-18T14:46:09Z/
url https://access.redhat.com/security/cve/CVE-2025-7784
13
reference_url https://github.com/advisories/GHSA-27gp-8389-hm4w
reference_id GHSA-27gp-8389-hm4w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-27gp-8389-hm4w
14
reference_url https://access.redhat.com/errata/RHSA-2025:12015
reference_id RHSA-2025:12015
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-18T14:46:09Z/
url https://access.redhat.com/errata/RHSA-2025:12015
15
reference_url https://access.redhat.com/errata/RHSA-2025:12016
reference_id RHSA-2025:12016
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-18T14:46:09Z/
url https://access.redhat.com/errata/RHSA-2025:12016
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2381861
reference_id show_bug.cgi?id=2381861
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-07-18T14:46:09Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2381861
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.6
purl pkg:maven/org.keycloak/keycloak-services@26.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.6
1
url pkg:maven/org.keycloak/keycloak-services@26.3.0
purl pkg:maven/org.keycloak/keycloak-services@26.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-4b67-9tus-s7ds
2
vulnerability VCID-4uf3-t2q9-5fcp
3
vulnerability VCID-4y2p-6e9v-ufh7
4
vulnerability VCID-5cfv-kzxe-3qg4
5
vulnerability VCID-5gut-s9z6-u3gs
6
vulnerability VCID-82aq-wymj-ekby
7
vulnerability VCID-8fsf-kear-tyb2
8
vulnerability VCID-8txb-4xw8-aydm
9
vulnerability VCID-a6bx-hkuu-zkg4
10
vulnerability VCID-czza-hz45-5ka6
11
vulnerability VCID-ec5w-983u-tbbz
12
vulnerability VCID-ecc8-b6za-vqds
13
vulnerability VCID-epvz-duxp-tyf7
14
vulnerability VCID-f2m5-cwr1-ryc1
15
vulnerability VCID-hdz7-3722-xfe6
16
vulnerability VCID-mhqj-fy58-6fd6
17
vulnerability VCID-put6-zqp1-dkhj
18
vulnerability VCID-shne-12fw-xfbw
19
vulnerability VCID-thtq-yz7t-7kea
20
vulnerability VCID-tjyr-75f3-d7ff
21
vulnerability VCID-u1aa-s9ru-w3gf
22
vulnerability VCID-uuxm-2f48-3qa5
23
vulnerability VCID-vcjc-hgjb-dqhs
24
vulnerability VCID-vrhh-6fx6-zqbw
25
vulnerability VCID-wsdh-ap2m-5uat
26
vulnerability VCID-wwh9-7awg-h7g6
27
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.0
aliases CVE-2025-7784, GHSA-27gp-8389-hm4w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sa2j-p1w2-ebgj
22
url VCID-shne-12fw-xfbw
vulnerability_id VCID-shne-12fw-xfbw
summary A flaw was found in Keycloak. A remote attacker could bypass security controls by sending a valid SAML response from an external Identity Provider (IdP) to the Keycloak SAML endpoint for IdP-initiated broker logins. This allows the attacker to complete broker logins even when the SAML Identity Provider is disabled, leading to unauthorized authentication.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2603.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2603
reference_id
reference_type
scores
0
value 0.00226
scoring_system epss
scoring_elements 0.45643
published_at 2026-06-13T12:55:00Z
1
value 0.00226
scoring_system epss
scoring_elements 0.45486
published_at 2026-06-11T12:55:00Z
2
value 0.00226
scoring_system epss
scoring_elements 0.45629
published_at 2026-06-14T12:55:00Z
3
value 0.00226
scoring_system epss
scoring_elements 0.45635
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2603
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a
4
reference_url https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/8ed7e59dc08d79751a27c23aadb590f06b43f132
5
reference_url https://github.com/keycloak/keycloak/commits/26.5.5
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commits/26.5.5
6
reference_url https://github.com/keycloak/keycloak/issues/46911
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46911
7
reference_url https://github.com/keycloak/keycloak/pull/46932
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/46932
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2603
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2603
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
11
reference_url https://access.redhat.com/security/cve/CVE-2026-2603
reference_id CVE-2026-2603
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/security/cve/CVE-2026-2603
12
reference_url https://github.com/advisories/GHSA-x4p7-7chp-64hq
reference_id GHSA-x4p7-7chp-64hq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x4p7-7chp-64hq
13
reference_url https://access.redhat.com/errata/RHSA-2026:3925
reference_id RHSA-2026:3925
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3925
14
reference_url https://access.redhat.com/errata/RHSA-2026:3926
reference_id RHSA-2026:3926
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3926
15
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id RHSA-2026:3947
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3947
16
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id RHSA-2026:3948
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://access.redhat.com/errata/RHSA-2026:3948
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440300
reference_id show_bug.cgi?id=2440300
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-18T14:10:05Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440300
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.5
purl pkg:maven/org.keycloak/keycloak-services@26.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4uf3-t2q9-5fcp
1
vulnerability VCID-5cfv-kzxe-3qg4
2
vulnerability VCID-82aq-wymj-ekby
3
vulnerability VCID-8fsf-kear-tyb2
4
vulnerability VCID-a6bx-hkuu-zkg4
5
vulnerability VCID-czza-hz45-5ka6
6
vulnerability VCID-ecc8-b6za-vqds
7
vulnerability VCID-epvz-duxp-tyf7
8
vulnerability VCID-put6-zqp1-dkhj
9
vulnerability VCID-thtq-yz7t-7kea
10
vulnerability VCID-tjyr-75f3-d7ff
11
vulnerability VCID-uuxm-2f48-3qa5
12
vulnerability VCID-vcjc-hgjb-dqhs
13
vulnerability VCID-wsdh-ap2m-5uat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.5
aliases CVE-2026-2603, GHSA-x4p7-7chp-64hq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-shne-12fw-xfbw
23
url VCID-tazu-5mqv-vfaq
vulnerability_id VCID-tazu-5mqv-vfaq
summary
Duplicate Advisory: Keycloak hostname verification
# Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-hw58-3793-42gg. This link is maintained to preserve external references.

# Original Description
A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.
references
0
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3501
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3501
2
reference_url https://access.redhat.com/security/cve/CVE-2025-3501
reference_id CVE-2025-3501
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-3501
3
reference_url https://github.com/advisories/GHSA-r934-w73g-v4p8
reference_id GHSA-r934-w73g-v4p8
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r934-w73g-v4p8
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.2
purl pkg:maven/org.keycloak/keycloak-services@26.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-4b67-9tus-s7ds
2
vulnerability VCID-4uf3-t2q9-5fcp
3
vulnerability VCID-4y2p-6e9v-ufh7
4
vulnerability VCID-5cfv-kzxe-3qg4
5
vulnerability VCID-5gut-s9z6-u3gs
6
vulnerability VCID-6fwf-utem-8bgx
7
vulnerability VCID-82aq-wymj-ekby
8
vulnerability VCID-85r1-z7c6-6bcb
9
vulnerability VCID-8baa-m4rc-aqh5
10
vulnerability VCID-8fsf-kear-tyb2
11
vulnerability VCID-a6bx-hkuu-zkg4
12
vulnerability VCID-b7ak-4hjc-xuhh
13
vulnerability VCID-czza-hz45-5ka6
14
vulnerability VCID-ecc8-b6za-vqds
15
vulnerability VCID-epvz-duxp-tyf7
16
vulnerability VCID-f2m5-cwr1-ryc1
17
vulnerability VCID-feud-rr2t-tyfx
18
vulnerability VCID-mhqj-fy58-6fd6
19
vulnerability VCID-put6-zqp1-dkhj
20
vulnerability VCID-sa2j-p1w2-ebgj
21
vulnerability VCID-shne-12fw-xfbw
22
vulnerability VCID-thtq-yz7t-7kea
23
vulnerability VCID-tjyr-75f3-d7ff
24
vulnerability VCID-u1aa-s9ru-w3gf
25
vulnerability VCID-uuxm-2f48-3qa5
26
vulnerability VCID-vcjc-hgjb-dqhs
27
vulnerability VCID-vrhh-6fx6-zqbw
28
vulnerability VCID-wsdh-ap2m-5uat
29
vulnerability VCID-wwh9-7awg-h7g6
30
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2
aliases GHSA-r934-w73g-v4p8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tazu-5mqv-vfaq
24
url VCID-thtq-yz7t-7kea
vulnerability_id VCID-thtq-yz7t-7kea
summary A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens, resulting in privilege escalation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4282.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4282.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4282
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.05963
published_at 2026-06-14T12:55:00Z
1
value 0.00021
scoring_system epss
scoring_elements 0.05955
published_at 2026-06-11T12:55:00Z
2
value 0.00021
scoring_system epss
scoring_elements 0.0597
published_at 2026-06-13T12:55:00Z
3
value 0.00021
scoring_system epss
scoring_elements 0.05978
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4282
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5
4
reference_url https://github.com/keycloak/keycloak/issues/47719
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47719
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4282
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4282
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
8
reference_url https://access.redhat.com/security/cve/CVE-2026-4282
reference_id CVE-2026-4282
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/
url https://access.redhat.com/security/cve/CVE-2026-4282
9
reference_url https://github.com/advisories/GHSA-hj93-h7pg-fh6v
reference_id GHSA-hj93-h7pg-fh6v
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hj93-h7pg-fh6v
10
reference_url https://access.redhat.com/errata/RHSA-2026:6475
reference_id RHSA-2026:6475
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/
url https://access.redhat.com/errata/RHSA-2026:6475
11
reference_url https://access.redhat.com/errata/RHSA-2026:6476
reference_id RHSA-2026:6476
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/
url https://access.redhat.com/errata/RHSA-2026:6476
12
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/
url https://access.redhat.com/errata/RHSA-2026:6477
13
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/
url https://access.redhat.com/errata/RHSA-2026:6478
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2448061
reference_id show_bug.cgi?id=2448061
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T14:23:22Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2448061
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-8fsf-kear-tyb2
2
vulnerability VCID-a6bx-hkuu-zkg4
3
vulnerability VCID-uuxm-2f48-3qa5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-4282, GHSA-hj93-h7pg-fh6v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-thtq-yz7t-7kea
25
url VCID-tjyr-75f3-d7ff
vulnerability_id VCID-tjyr-75f3-d7ff
summary A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim’s password can delete the victim’s registered MFA/OTP credential without first proving possession of that factor. The attacker can then register their own MFA device, effectively taking full control of the account. This weakness undermines the intended protection provided by multi-factor authentication.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3429.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3429
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04247
published_at 2026-06-14T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.04244
published_at 2026-06-13T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04256
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3429
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/68f5779230d08825e6a4b4e23471fade16434178
4
reference_url https://github.com/keycloak/keycloak/issues/47069
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47069
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
9
reference_url https://access.redhat.com/security/cve/CVE-2026-3429
reference_id CVE-2026-3429
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/
url https://access.redhat.com/security/cve/CVE-2026-3429
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3429
reference_id CVE-2026-3429
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3429
11
reference_url https://github.com/advisories/GHSA-8g9r-9wjw-37j4
reference_id GHSA-8g9r-9wjw-37j4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8g9r-9wjw-37j4
12
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6477
13
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2026:6478
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2443771
reference_id show_bug.cgi?id=2443771
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T15:43:36Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2443771
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-8fsf-kear-tyb2
2
vulnerability VCID-a6bx-hkuu-zkg4
3
vulnerability VCID-uuxm-2f48-3qa5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-3429, GHSA-8g9r-9wjw-37j4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tjyr-75f3-d7ff
26
url VCID-u1aa-s9ru-w3gf
vulnerability_id VCID-u1aa-s9ru-w3gf
summary
Duplicate Advisory: Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)
### Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-27gp-8389-hm4w. This link is maintained to preserve external references.

### Original Description
A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.
references
0
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
1
reference_url https://github.com/keycloak/keycloak/issues/41137
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/41137
2
reference_url https://github.com/keycloak/keycloak/pull/41168
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/pull/41168
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-7784
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-7784
4
reference_url https://access.redhat.com/security/cve/CVE-2025-7784
reference_id CVE-2025-7784
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2025-7784
5
reference_url https://github.com/advisories/GHSA-83j7-mhw9-388w
reference_id GHSA-83j7-mhw9-388w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-83j7-mhw9-388w
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.3.2
purl pkg:maven/org.keycloak/keycloak-services@26.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-4b67-9tus-s7ds
2
vulnerability VCID-4uf3-t2q9-5fcp
3
vulnerability VCID-4y2p-6e9v-ufh7
4
vulnerability VCID-5cfv-kzxe-3qg4
5
vulnerability VCID-5gut-s9z6-u3gs
6
vulnerability VCID-82aq-wymj-ekby
7
vulnerability VCID-8fsf-kear-tyb2
8
vulnerability VCID-a6bx-hkuu-zkg4
9
vulnerability VCID-czza-hz45-5ka6
10
vulnerability VCID-ecc8-b6za-vqds
11
vulnerability VCID-epvz-duxp-tyf7
12
vulnerability VCID-f2m5-cwr1-ryc1
13
vulnerability VCID-mhqj-fy58-6fd6
14
vulnerability VCID-put6-zqp1-dkhj
15
vulnerability VCID-shne-12fw-xfbw
16
vulnerability VCID-thtq-yz7t-7kea
17
vulnerability VCID-tjyr-75f3-d7ff
18
vulnerability VCID-uuxm-2f48-3qa5
19
vulnerability VCID-vcjc-hgjb-dqhs
20
vulnerability VCID-vrhh-6fx6-zqbw
21
vulnerability VCID-wsdh-ap2m-5uat
22
vulnerability VCID-wwh9-7awg-h7g6
23
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.3.2
aliases GHSA-83j7-mhw9-388w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u1aa-s9ru-w3gf
27
url VCID-u2cc-wm39-4qax
vulnerability_id VCID-u2cc-wm39-4qax
summary A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3501.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3501.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3501
reference_id
reference_type
scores
0
value 0.00079
scoring_system epss
scoring_elements 0.23671
published_at 2026-06-14T12:55:00Z
1
value 0.00079
scoring_system epss
scoring_elements 0.23484
published_at 2026-06-11T12:55:00Z
2
value 0.00079
scoring_system epss
scoring_elements 0.2368
published_at 2026-06-12T12:55:00Z
3
value 0.00079
scoring_system epss
scoring_elements 0.2369
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3501
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/99ca24c832729075e04d8bc58666089268314272
4
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-hw58-3793-42gg
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3501
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3501
6
reference_url https://github.com/keycloak/keycloak/issues/39350
reference_id 39350
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://github.com/keycloak/keycloak/issues/39350
7
reference_url https://github.com/keycloak/keycloak/pull/39366
reference_id 39366
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://github.com/keycloak/keycloak/pull/39366
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
reference_id cpe:/a:redhat:build_keycloak:26
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
reference_id cpe:/a:redhat:build_keycloak:26.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
12
reference_url https://access.redhat.com/security/cve/CVE-2025-3501
reference_id CVE-2025-3501
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://access.redhat.com/security/cve/CVE-2025-3501
13
reference_url https://github.com/advisories/GHSA-hw58-3793-42gg
reference_id GHSA-hw58-3793-42gg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hw58-3793-42gg
14
reference_url https://access.redhat.com/errata/RHSA-2025:4335
reference_id RHSA-2025:4335
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://access.redhat.com/errata/RHSA-2025:4335
15
reference_url https://access.redhat.com/errata/RHSA-2025:4336
reference_id RHSA-2025:4336
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://access.redhat.com/errata/RHSA-2025:4336
16
reference_url https://access.redhat.com/errata/RHSA-2025:8672
reference_id RHSA-2025:8672
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://access.redhat.com/errata/RHSA-2025:8672
17
reference_url https://access.redhat.com/errata/RHSA-2025:8690
reference_id RHSA-2025:8690
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://access.redhat.com/errata/RHSA-2025:8690
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2358834
reference_id show_bug.cgi?id=2358834
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:12Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2358834
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.2
purl pkg:maven/org.keycloak/keycloak-services@26.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-4b67-9tus-s7ds
2
vulnerability VCID-4uf3-t2q9-5fcp
3
vulnerability VCID-4y2p-6e9v-ufh7
4
vulnerability VCID-5cfv-kzxe-3qg4
5
vulnerability VCID-5gut-s9z6-u3gs
6
vulnerability VCID-6fwf-utem-8bgx
7
vulnerability VCID-82aq-wymj-ekby
8
vulnerability VCID-85r1-z7c6-6bcb
9
vulnerability VCID-8baa-m4rc-aqh5
10
vulnerability VCID-8fsf-kear-tyb2
11
vulnerability VCID-a6bx-hkuu-zkg4
12
vulnerability VCID-b7ak-4hjc-xuhh
13
vulnerability VCID-czza-hz45-5ka6
14
vulnerability VCID-ecc8-b6za-vqds
15
vulnerability VCID-epvz-duxp-tyf7
16
vulnerability VCID-f2m5-cwr1-ryc1
17
vulnerability VCID-feud-rr2t-tyfx
18
vulnerability VCID-mhqj-fy58-6fd6
19
vulnerability VCID-put6-zqp1-dkhj
20
vulnerability VCID-sa2j-p1w2-ebgj
21
vulnerability VCID-shne-12fw-xfbw
22
vulnerability VCID-thtq-yz7t-7kea
23
vulnerability VCID-tjyr-75f3-d7ff
24
vulnerability VCID-u1aa-s9ru-w3gf
25
vulnerability VCID-uuxm-2f48-3qa5
26
vulnerability VCID-vcjc-hgjb-dqhs
27
vulnerability VCID-vrhh-6fx6-zqbw
28
vulnerability VCID-wsdh-ap2m-5uat
29
vulnerability VCID-wwh9-7awg-h7g6
30
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2
aliases CVE-2025-3501, GHSA-hw58-3793-42gg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u2cc-wm39-4qax
28
url VCID-uuxm-2f48-3qa5
vulnerability_id VCID-uuxm-2f48-3qa5
summary A flaw was found in Keycloak. An improper access control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control checks on PUT operations to the resource_set endpoint. This issue enables unauthorized modification of protected resources, impacting data integrity.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4628.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4628.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4628
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01531
published_at 2026-06-14T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01515
published_at 2026-06-11T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01519
published_at 2026-06-12T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01522
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4628
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4628
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4628
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
reference_id cpe:/a:redhat:build_keycloak:
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
8
reference_url https://access.redhat.com/security/cve/CVE-2026-4628
reference_id CVE-2026-4628
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:02:51Z/
url https://access.redhat.com/security/cve/CVE-2026-4628
9
reference_url https://github.com/advisories/GHSA-4pgc-gfrr-wcmg
reference_id GHSA-4pgc-gfrr-wcmg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4pgc-gfrr-wcmg
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450240
reference_id show_bug.cgi?id=2450240
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-25T14:02:51Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2450240
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.6.1
purl pkg:maven/org.keycloak/keycloak-services@26.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-a6bx-hkuu-zkg4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.6.1
aliases CVE-2026-4628, GHSA-4pgc-gfrr-wcmg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uuxm-2f48-3qa5
29
url VCID-vcjc-hgjb-dqhs
vulnerability_id VCID-vcjc-hgjb-dqhs
summary A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to high resource consumption and prolonged processing times, ultimately resulting in a Denial of Service (DoS) for the Keycloak server.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4634.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4634.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4634
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.0747
published_at 2026-06-14T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.07454
published_at 2026-06-11T12:55:00Z
2
value 0.00025
scoring_system epss
scoring_elements 0.07486
published_at 2026-06-12T12:55:00Z
3
value 0.00025
scoring_system epss
scoring_elements 0.0748
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4634
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/b455ee4f28abb6f2120aff72fd179589cc5267a0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/b455ee4f28abb6f2120aff72fd179589cc5267a0
4
reference_url https://github.com/keycloak/keycloak/issues/47716
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47716
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4634
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4634
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
8
reference_url https://access.redhat.com/security/cve/CVE-2026-4634
reference_id CVE-2026-4634
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/
url https://access.redhat.com/security/cve/CVE-2026-4634
9
reference_url https://github.com/advisories/GHSA-h4wv-g838-66g3
reference_id GHSA-h4wv-g838-66g3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h4wv-g838-66g3
10
reference_url https://access.redhat.com/errata/RHSA-2026:6475
reference_id RHSA-2026:6475
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/
url https://access.redhat.com/errata/RHSA-2026:6475
11
reference_url https://access.redhat.com/errata/RHSA-2026:6476
reference_id RHSA-2026:6476
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/
url https://access.redhat.com/errata/RHSA-2026:6476
12
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/
url https://access.redhat.com/errata/RHSA-2026:6477
13
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/
url https://access.redhat.com/errata/RHSA-2026:6478
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2450250
reference_id show_bug.cgi?id=2450250
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:22:51Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2450250
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-8fsf-kear-tyb2
2
vulnerability VCID-a6bx-hkuu-zkg4
3
vulnerability VCID-uuxm-2f48-3qa5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-4634, GHSA-h4wv-g838-66g3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vcjc-hgjb-dqhs
30
url VCID-vrhh-6fx6-zqbw
vulnerability_id VCID-vrhh-6fx6-zqbw
summary A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14082.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14082
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01637
published_at 2026-06-14T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01624
published_at 2026-06-11T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.01628
published_at 2026-06-12T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.0163
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14082
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/89a8cddfd669178565ae50989c49216a945d1371
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
5
reference_url https://access.redhat.com/security/cve/CVE-2025-14082
reference_id CVE-2025-14082
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/
url https://access.redhat.com/security/cve/CVE-2025-14082
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14082
reference_id CVE-2025-14082
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-14082
7
reference_url https://github.com/advisories/GHSA-6q37-7866-h27j
reference_id GHSA-6q37-7866-h27j
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6q37-7866-h27j
8
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/
url https://access.redhat.com/errata/RHSA-2026:6477
9
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/
url https://access.redhat.com/errata/RHSA-2026:6478
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2419078
reference_id show_bug.cgi?id=2419078
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-10T14:38:32Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2419078
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.0
purl pkg:maven/org.keycloak/keycloak-services@26.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b67-9tus-s7ds
1
vulnerability VCID-4uf3-t2q9-5fcp
2
vulnerability VCID-4y2p-6e9v-ufh7
3
vulnerability VCID-5cfv-kzxe-3qg4
4
vulnerability VCID-5gut-s9z6-u3gs
5
vulnerability VCID-82aq-wymj-ekby
6
vulnerability VCID-8fsf-kear-tyb2
7
vulnerability VCID-a6bx-hkuu-zkg4
8
vulnerability VCID-czza-hz45-5ka6
9
vulnerability VCID-ec5w-983u-tbbz
10
vulnerability VCID-ecc8-b6za-vqds
11
vulnerability VCID-epvz-duxp-tyf7
12
vulnerability VCID-hdz7-3722-xfe6
13
vulnerability VCID-mdys-vw33-uqa1
14
vulnerability VCID-p11z-217w-r3d3
15
vulnerability VCID-put6-zqp1-dkhj
16
vulnerability VCID-shne-12fw-xfbw
17
vulnerability VCID-thtq-yz7t-7kea
18
vulnerability VCID-tjyr-75f3-d7ff
19
vulnerability VCID-ttpj-h8z5-tfgw
20
vulnerability VCID-uuxm-2f48-3qa5
21
vulnerability VCID-vcjc-hgjb-dqhs
22
vulnerability VCID-wsdh-ap2m-5uat
23
vulnerability VCID-wwh9-7awg-h7g6
24
vulnerability VCID-yfgh-e1hw-1ff7
25
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.0
aliases CVE-2025-14082, GHSA-6q37-7866-h27j
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vrhh-6fx6-zqbw
31
url VCID-wrdw-sj1s-bqbd
vulnerability_id VCID-wrdw-sj1s-bqbd
summary A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3910.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3910.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3910
reference_id
reference_type
scores
0
value 0.00087
scoring_system epss
scoring_elements 0.25114
published_at 2026-06-14T12:55:00Z
1
value 0.00087
scoring_system epss
scoring_elements 0.24911
published_at 2026-06-11T12:55:00Z
2
value 0.00087
scoring_system epss
scoring_elements 0.2511
published_at 2026-06-12T12:55:00Z
3
value 0.00087
scoring_system epss
scoring_elements 0.25128
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3910
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/security/advisories/GHSA-5jfq-x6xp-7rw2
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/security/advisories/GHSA-5jfq-x6xp-7rw2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3910
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3910
5
reference_url https://github.com/keycloak/keycloak/issues/39349
reference_id 39349
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/
url https://github.com/keycloak/keycloak/issues/39349
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
reference_id cpe:/a:redhat:build_keycloak:26
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
reference_id cpe:/a:redhat:build_keycloak:26.0::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.0::el9
8
reference_url https://access.redhat.com/security/cve/CVE-2025-3910
reference_id CVE-2025-3910
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/
url https://access.redhat.com/security/cve/CVE-2025-3910
9
reference_url https://github.com/advisories/GHSA-5jfq-x6xp-7rw2
reference_id GHSA-5jfq-x6xp-7rw2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5jfq-x6xp-7rw2
10
reference_url https://access.redhat.com/errata/RHSA-2025:4335
reference_id RHSA-2025:4335
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/
url https://access.redhat.com/errata/RHSA-2025:4335
11
reference_url https://access.redhat.com/errata/RHSA-2025:4336
reference_id RHSA-2025:4336
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/
url https://access.redhat.com/errata/RHSA-2025:4336
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2361923
reference_id show_bug.cgi?id=2361923
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:52:31Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2361923
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.2.2
purl pkg:maven/org.keycloak/keycloak-services@26.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1j4m-w46h-zkhq
1
vulnerability VCID-4b67-9tus-s7ds
2
vulnerability VCID-4uf3-t2q9-5fcp
3
vulnerability VCID-4y2p-6e9v-ufh7
4
vulnerability VCID-5cfv-kzxe-3qg4
5
vulnerability VCID-5gut-s9z6-u3gs
6
vulnerability VCID-6fwf-utem-8bgx
7
vulnerability VCID-82aq-wymj-ekby
8
vulnerability VCID-85r1-z7c6-6bcb
9
vulnerability VCID-8baa-m4rc-aqh5
10
vulnerability VCID-8fsf-kear-tyb2
11
vulnerability VCID-a6bx-hkuu-zkg4
12
vulnerability VCID-b7ak-4hjc-xuhh
13
vulnerability VCID-czza-hz45-5ka6
14
vulnerability VCID-ecc8-b6za-vqds
15
vulnerability VCID-epvz-duxp-tyf7
16
vulnerability VCID-f2m5-cwr1-ryc1
17
vulnerability VCID-feud-rr2t-tyfx
18
vulnerability VCID-mhqj-fy58-6fd6
19
vulnerability VCID-put6-zqp1-dkhj
20
vulnerability VCID-sa2j-p1w2-ebgj
21
vulnerability VCID-shne-12fw-xfbw
22
vulnerability VCID-thtq-yz7t-7kea
23
vulnerability VCID-tjyr-75f3-d7ff
24
vulnerability VCID-u1aa-s9ru-w3gf
25
vulnerability VCID-uuxm-2f48-3qa5
26
vulnerability VCID-vcjc-hgjb-dqhs
27
vulnerability VCID-vrhh-6fx6-zqbw
28
vulnerability VCID-wsdh-ap2m-5uat
29
vulnerability VCID-wwh9-7awg-h7g6
30
vulnerability VCID-zjcz-6z84-6ub3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.2
aliases CVE-2025-3910, GHSA-5jfq-x6xp-7rw2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wrdw-sj1s-bqbd
32
url VCID-wsdh-ap2m-5uat
vulnerability_id VCID-wsdh-ap2m-5uat
summary A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This could lead to unauthorized access or account compromise.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4325.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4325.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-4325
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.14759
published_at 2026-06-14T12:55:00Z
1
value 0.00046
scoring_system epss
scoring_elements 0.14669
published_at 2026-06-11T12:55:00Z
2
value 0.00046
scoring_system epss
scoring_elements 0.1479
published_at 2026-06-12T12:55:00Z
3
value 0.00046
scoring_system epss
scoring_elements 0.14788
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-4325
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5
4
reference_url https://github.com/keycloak/keycloak/issues/47715
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47715
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-4325
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-4325
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
8
reference_url https://access.redhat.com/security/cve/CVE-2026-4325
reference_id CVE-2026-4325
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/
url https://access.redhat.com/security/cve/CVE-2026-4325
9
reference_url https://github.com/advisories/GHSA-rx66-hj7g-28h7
reference_id GHSA-rx66-hj7g-28h7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rx66-hj7g-28h7
10
reference_url https://access.redhat.com/errata/RHSA-2026:6475
reference_id RHSA-2026:6475
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/
url https://access.redhat.com/errata/RHSA-2026:6475
11
reference_url https://access.redhat.com/errata/RHSA-2026:6476
reference_id RHSA-2026:6476
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/
url https://access.redhat.com/errata/RHSA-2026:6476
12
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id RHSA-2026:6477
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/
url https://access.redhat.com/errata/RHSA-2026:6477
13
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id RHSA-2026:6478
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/
url https://access.redhat.com/errata/RHSA-2026:6478
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2448351
reference_id show_bug.cgi?id=2448351
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T13:17:04Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2448351
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-82aq-wymj-ekby
1
vulnerability VCID-8fsf-kear-tyb2
2
vulnerability VCID-a6bx-hkuu-zkg4
3
vulnerability VCID-uuxm-2f48-3qa5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
aliases CVE-2026-4325, GHSA-rx66-hj7g-28h7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wsdh-ap2m-5uat
33
url VCID-wwh9-7awg-h7g6
vulnerability_id VCID-wwh9-7awg-h7g6
summary A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application-level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryError (OOM) and subsequent process termination. This vulnerability allows an attacker to disrupt the availability of the service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2575.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2575
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09255
published_at 2026-06-14T12:55:00Z
1
value 0.0003
scoring_system epss
scoring_elements 0.09211
published_at 2026-06-11T12:55:00Z
2
value 0.0003
scoring_system epss
scoring_elements 0.09264
published_at 2026-06-12T12:55:00Z
3
value 0.0003
scoring_system epss
scoring_elements 0.09265
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2575
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f04
4
reference_url https://github.com/keycloak/keycloak/issues/46372
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/46372
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2575
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2575
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
7
reference_url https://access.redhat.com/security/cve/CVE-2026-2575
reference_id CVE-2026-2575
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/
url https://access.redhat.com/security/cve/CVE-2026-2575
8
reference_url https://github.com/advisories/GHSA-xv6h-r36f-3gp5
reference_id GHSA-xv6h-r36f-3gp5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xv6h-r36f-3gp5
9
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id RHSA-2026:3947
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/
url https://access.redhat.com/errata/RHSA-2026:3947
10
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id RHSA-2026:3948
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/
url https://access.redhat.com/errata/RHSA-2026:3948
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2440149
reference_id show_bug.cgi?id=2440149
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-18T13:34:34Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2440149
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.4
purl pkg:maven/org.keycloak/keycloak-services@26.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4uf3-t2q9-5fcp
1
vulnerability VCID-4y2p-6e9v-ufh7
2
vulnerability VCID-5cfv-kzxe-3qg4
3
vulnerability VCID-5gut-s9z6-u3gs
4
vulnerability VCID-82aq-wymj-ekby
5
vulnerability VCID-8fsf-kear-tyb2
6
vulnerability VCID-a6bx-hkuu-zkg4
7
vulnerability VCID-czza-hz45-5ka6
8
vulnerability VCID-ecc8-b6za-vqds
9
vulnerability VCID-epvz-duxp-tyf7
10
vulnerability VCID-put6-zqp1-dkhj
11
vulnerability VCID-shne-12fw-xfbw
12
vulnerability VCID-thtq-yz7t-7kea
13
vulnerability VCID-tjyr-75f3-d7ff
14
vulnerability VCID-uuxm-2f48-3qa5
15
vulnerability VCID-vcjc-hgjb-dqhs
16
vulnerability VCID-wsdh-ap2m-5uat
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.4
aliases CVE-2026-2575, GHSA-xv6h-r36f-3gp5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wwh9-7awg-h7g6
34
url VCID-zjcz-6z84-6ub3
vulnerability_id VCID-zjcz-6z84-6ub3
summary A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This allows an attacker to delay the expiration of SAML responses, potentially extending the time a response is considered valid and leading to unexpected session durations or resource consumption.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1190.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-1190
reference_id
reference_type
scores
0
value 0.00023
scoring_system epss
scoring_elements 0.06767
published_at 2026-06-14T12:55:00Z
1
value 0.00023
scoring_system epss
scoring_elements 0.06775
published_at 2026-06-11T12:55:00Z
2
value 0.00023
scoring_system epss
scoring_elements 0.06793
published_at 2026-06-12T12:55:00Z
3
value 0.00023
scoring_system epss
scoring_elements 0.06784
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-1190
2
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
3
reference_url https://github.com/keycloak/keycloak/issues/45646
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/45646
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
reference_id cpe:/a:redhat:jbosseapxp
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_id cpe:/a:redhat:jboss_enterprise_application_platform:8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
reference_id cpe:/a:redhat:red_hat_single_sign_on:7
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7
8
reference_url https://access.redhat.com/security/cve/CVE-2026-1190
reference_id CVE-2026-1190
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/
url https://access.redhat.com/security/cve/CVE-2026-1190
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-1190
reference_id CVE-2026-1190
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-1190
10
reference_url https://github.com/advisories/GHSA-63v5-26vq-m4vm
reference_id GHSA-63v5-26vq-m4vm
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-63v5-26vq-m4vm
11
reference_url https://access.redhat.com/errata/RHSA-2026:3947
reference_id RHSA-2026:3947
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/
url https://access.redhat.com/errata/RHSA-2026:3947
12
reference_url https://access.redhat.com/errata/RHSA-2026:3948
reference_id RHSA-2026:3948
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/
url https://access.redhat.com/errata/RHSA-2026:3948
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2430835
reference_id show_bug.cgi?id=2430835
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-26T20:57:42Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2430835
fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.3
purl pkg:maven/org.keycloak/keycloak-services@26.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b67-9tus-s7ds
1
vulnerability VCID-4uf3-t2q9-5fcp
2
vulnerability VCID-4y2p-6e9v-ufh7
3
vulnerability VCID-5cfv-kzxe-3qg4
4
vulnerability VCID-5gut-s9z6-u3gs
5
vulnerability VCID-82aq-wymj-ekby
6
vulnerability VCID-8fsf-kear-tyb2
7
vulnerability VCID-a6bx-hkuu-zkg4
8
vulnerability VCID-czza-hz45-5ka6
9
vulnerability VCID-ecc8-b6za-vqds
10
vulnerability VCID-epvz-duxp-tyf7
11
vulnerability VCID-put6-zqp1-dkhj
12
vulnerability VCID-shne-12fw-xfbw
13
vulnerability VCID-thtq-yz7t-7kea
14
vulnerability VCID-tjyr-75f3-d7ff
15
vulnerability VCID-uuxm-2f48-3qa5
16
vulnerability VCID-vcjc-hgjb-dqhs
17
vulnerability VCID-wsdh-ap2m-5uat
18
vulnerability VCID-wwh9-7awg-h7g6
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.3
aliases CVE-2026-1190, GHSA-63v5-26vq-m4vm
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zjcz-6z84-6ub3
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.2.0