Search for packages
Package details: pkg:maven/org.keycloak/keycloak-services@26.0.6
purl pkg:maven/org.keycloak/keycloak-services@26.0.6
Next non-vulnerable version 26.2.2
Latest non-vulnerable version 26.2.2
Risk 4.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-1azf-tnm3-pyh3
Aliases:
GHSA-fx44-2wx5-5fvp
Duplicate Advisory: Keycloak vulnerable to two factor authentication bypass
26.2.2
Affected by 0 other vulnerabilities.
VCID-5hrf-cqc3-b7am
Aliases:
GHSA-r934-w73g-v4p8
Duplicate Advisory: Keycloak hostname verification
26.2.2
Affected by 0 other vulnerabilities.
VCID-dk7y-hky5-kbey
Aliases:
GHSA-rq4w-cjrr-h8w8
Duplicate Advisory: Keycloak allows Incorrect Assignment of an Organization to a User # Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gvgg-2r3r-53x7. This link is maintained to preserve external references. # Original Description A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a user if their username or email matches the organization’s domain pattern. This issue occurs at the mapper level, leading to misrepresentation in tokens. If an application relies on these claims for authorization, it may incorrectly assume a user belongs to an organization they are not a member of, potentially granting unauthorized access or privileges.
26.1.2
Affected by 5 other vulnerabilities.
VCID-ur9z-vd6r-9qcj
Aliases:
CVE-2025-2559
GHSA-2935-2wfm-hhpv
org.keycloak/keycloak-services: JWT Token Cache Exhaustion Leading to Denial of Service (DoS) in Keycloak
26.1.5
Affected by 4 other vulnerabilities.
VCID-w71m-tyt8-dqby
Aliases:
CVE-2025-3501
GHSA-hw58-3793-42gg
A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.
26.2.2
Affected by 0 other vulnerabilities.
VCID-ze83-qhsk-67bh
Aliases:
CVE-2025-3910
GHSA-5jfq-x6xp-7rw2
A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.
26.2.2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-e51s-1cpw-qufr org.keycloak:keycloak-services: Keycloak Denial of Service CVE-2024-10270
GHSA-wq8x-cg39-8mrr
VCID-gpuj-k3g2-cyga Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity GHSA-j3x3-r585-4qhg

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T17:44:03.988053+00:00 GithubOSV Importer Fixing VCID-gpuj-k3g2-cyga https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-j3x3-r585-4qhg/GHSA-j3x3-r585-4qhg.json 36.1.3
2025-06-20T17:21:01.318012+00:00 GitLab Importer Affected by VCID-w71m-tyt8-dqby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3501.yml 36.1.3
2025-06-20T17:20:56.204013+00:00 GitLab Importer Affected by VCID-ze83-qhsk-67bh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3910.yml 36.1.3
2025-06-20T17:20:52.272782+00:00 GitLab Importer Affected by VCID-1azf-tnm3-pyh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-fx44-2wx5-5fvp.yml 36.1.3
2025-06-20T17:20:51.398817+00:00 GitLab Importer Affected by VCID-5hrf-cqc3-b7am https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-r934-w73g-v4p8.yml 36.1.3
2025-06-20T17:19:06.181841+00:00 GitLab Importer Affected by VCID-ur9z-vd6r-9qcj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-2559.yml 36.1.3
2025-06-20T17:16:39.309098+00:00 GitLab Importer Affected by VCID-dk7y-hky5-kbey https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-rq4w-cjrr-h8w8.yml 36.1.3
2025-06-20T17:12:54.544676+00:00 GitLab Importer Fixing VCID-e51s-1cpw-qufr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2024-10270.yml 36.1.3
2025-06-20T17:12:53.480090+00:00 GitLab Importer Fixing VCID-gpuj-k3g2-cyga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-j3x3-r585-4qhg.yml 36.1.3
2025-06-04T05:58:38.860071+00:00 GithubOSV Importer Fixing VCID-gpuj-k3g2-cyga https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-j3x3-r585-4qhg/GHSA-j3x3-r585-4qhg.json 36.1.0
2025-06-03T23:55:54.179292+00:00 GitLab Importer Affected by VCID-w71m-tyt8-dqby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3501.yml 36.1.0
2025-06-03T23:55:49.382851+00:00 GitLab Importer Affected by VCID-ze83-qhsk-67bh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3910.yml 36.1.0
2025-06-03T23:55:46.207705+00:00 GitLab Importer Affected by VCID-1azf-tnm3-pyh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-fx44-2wx5-5fvp.yml 36.1.0
2025-06-03T23:55:45.407599+00:00 GitLab Importer Affected by VCID-5hrf-cqc3-b7am https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-r934-w73g-v4p8.yml 36.1.0
2025-06-03T23:54:02.818529+00:00 GitLab Importer Affected by VCID-ur9z-vd6r-9qcj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-2559.yml 36.1.0
2025-06-03T23:51:52.265805+00:00 GitLab Importer Affected by VCID-dk7y-hky5-kbey https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-rq4w-cjrr-h8w8.yml 36.1.0
2025-06-03T23:48:32.495903+00:00 GitLab Importer Fixing VCID-e51s-1cpw-qufr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2024-10270.yml 36.1.0
2025-06-03T23:48:31.273023+00:00 GitLab Importer Fixing VCID-gpuj-k3g2-cyga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-j3x3-r585-4qhg.yml 36.1.0
2025-06-02T23:54:49.359548+00:00 GitLab Importer Affected by VCID-w71m-tyt8-dqby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3501.yml 36.1.2
2025-06-02T23:54:44.243762+00:00 GitLab Importer Affected by VCID-ze83-qhsk-67bh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3910.yml 36.1.2
2025-06-02T23:54:40.945591+00:00 GitLab Importer Affected by VCID-1azf-tnm3-pyh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-fx44-2wx5-5fvp.yml 36.1.2
2025-06-02T23:54:40.080582+00:00 GitLab Importer Affected by VCID-5hrf-cqc3-b7am https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-r934-w73g-v4p8.yml 36.1.2
2025-06-02T23:52:59.646829+00:00 GitLab Importer Affected by VCID-ur9z-vd6r-9qcj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-2559.yml 36.1.2
2025-06-02T23:50:40.404193+00:00 GitLab Importer Affected by VCID-dk7y-hky5-kbey https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-rq4w-cjrr-h8w8.yml 36.1.2
2025-06-02T23:47:12.958830+00:00 GitLab Importer Fixing VCID-e51s-1cpw-qufr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2024-10270.yml 36.1.2
2025-06-02T23:47:11.843467+00:00 GitLab Importer Fixing VCID-gpuj-k3g2-cyga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-j3x3-r585-4qhg.yml 36.1.2
2025-06-02T20:35:25.195481+00:00 GithubOSV Importer Fixing VCID-gpuj-k3g2-cyga https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-j3x3-r585-4qhg/GHSA-j3x3-r585-4qhg.json 36.1.2
2025-05-31T23:45:02.415828+00:00 GitLab Importer Affected by VCID-w71m-tyt8-dqby https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3501.yml 36.0.0
2025-05-31T23:44:57.113755+00:00 GitLab Importer Affected by VCID-ze83-qhsk-67bh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-3910.yml 36.0.0
2025-05-31T02:29:19.071518+00:00 GitLab Importer Affected by VCID-1azf-tnm3-pyh3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-fx44-2wx5-5fvp.yml 36.0.0
2025-05-31T02:29:18.148109+00:00 GitLab Importer Affected by VCID-5hrf-cqc3-b7am https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-r934-w73g-v4p8.yml 36.0.0
2025-05-01T17:23:41.114137+00:00 GitLab Importer Affected by VCID-ur9z-vd6r-9qcj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2025-2559.yml 36.0.0
2025-04-15T18:57:32.251036+00:00 GithubOSV Importer Fixing VCID-gpuj-k3g2-cyga https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-j3x3-r585-4qhg/GHSA-j3x3-r585-4qhg.json 36.0.0
2025-04-03T22:41:52.420889+00:00 GitLab Importer Affected by VCID-dk7y-hky5-kbey https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-rq4w-cjrr-h8w8.yml 36.0.0
2025-04-03T22:34:36.415693+00:00 GitLab Importer Fixing VCID-e51s-1cpw-qufr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2024-10270.yml 36.0.0
2025-04-03T22:34:33.477779+00:00 GitLab Importer Fixing VCID-gpuj-k3g2-cyga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-j3x3-r585-4qhg.yml 36.0.0
2025-01-16T23:28:54.186239+00:00 GitLab Importer Fixing VCID-e51s-1cpw-qufr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/CVE-2024-10270.yml 35.1.0
2025-01-16T23:28:33.686109+00:00 GitLab Importer Fixing VCID-gpuj-k3g2-cyga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.keycloak/keycloak-services/GHSA-j3x3-r585-4qhg.yml 35.1.0
2024-11-26T20:38:07.705833+00:00 GithubOSV Importer Fixing VCID-gpuj-k3g2-cyga https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-j3x3-r585-4qhg/GHSA-j3x3-r585-4qhg.json 35.0.0
2024-11-26T20:38:00.368584+00:00 GithubOSV Importer Fixing VCID-e51s-1cpw-qufr https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-wq8x-cg39-8mrr/GHSA-wq8x-cg39-8mrr.json 35.0.0
2024-11-26T06:14:30.585931+00:00 GHSA Importer Fixing VCID-e51s-1cpw-qufr https://github.com/advisories/GHSA-wq8x-cg39-8mrr 35.0.0
2024-11-26T05:51:10.488937+00:00 GHSA Importer Fixing VCID-gpuj-k3g2-cyga https://github.com/advisories/GHSA-j3x3-r585-4qhg 35.0.0