{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62875?format=json","vulnerability_id":"VCID-yheg-stu9-r7ew","summary":"keycloak: keycloak: acceptable AAGUID policy bypass via packed self-attestation in WebAuthn registration","aliases":[{"alias":"CVE-2026-6856"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6856.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6856.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460004","reference_id":"2460004","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460004"}],"weaknesses":[{"cwe_id":287,"name":"Improper Authentication","description":"When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct."}],"exploits":[],"severity_range_score":"3.1 - 3.1","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yheg-stu9-r7ew"}