4149 matches found
Improper Verification of Cryptographic Signature
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the requestObjectSignatureAlg policy bypass during the...
CVE-2026-9791
A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect OIDC token with the 'organization' scope. This allows organization metadata to be disclosed in...
Improper Handling of Insufficient Permissions or Privileges
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges in the org.keycloak.protocol.oidc component when...
Incorrect Authorization
Overview org.keycloak:keycloak-server-spi-private is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Authorization via the user-facing APIs when the Organizations feature is disabled. An...
Incorrect Authorization
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Authorization via the user-facing APIs when the Organizations feature is disabled. An attacker can...
PT-2026-44185
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A remote, unauthenticated attacker can cause information disclosure by sending specially crafted SOAP requests to the SAML ECP Security Assertion Markup Language Enhanced Client or Proxy...
PT-2026-44196
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in the ClientRegistrationAuth component allows a remote unauthenticated attacker to cause a Denial of Service DoS. By sending a specially crafted POST request with a malformed...
PT-2026-44186
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in the Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can assign any realm role, including highly privileged ones, t...
PT-2026-44183
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in the org.keycloak.protocol.oidc component of Keycloak's Client Policies. When specific condition providers—client-type, client-roles, client-attributes, or client-scopes—are...
PT-2026-44195
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists when revokeRefreshToken=true is enabled and persistent session storage is utilized. A server restart can reset internal timing mechanisms, allowing a remote attacker who has...
PT-2026-44187
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description An authenticated administrator possessing the manage-clients role can exploit a Time-of-check to time-of-use TOCTOU flaw in name-based admin role checks. TOCTOU is a race condition where a...
PT-2026-44193
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in the Client-Initiated Backchannel Authentication CIBA flow allows an attacker with valid client credentials to bypass brute-force protection. When a user account is temporarily lock...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability allows authenticated users with existing organizational membership to exploit it by accessing user-facing APIs or requesting OpenID Connect...
Keycloak 数据伪造问题漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a data falsification vulnerability. This vulnerability arises when submitting JSON Web encrypted request objects, and if the decrypted content is the original JSON, Keycloak may improperl...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability that stems from the org.keycloak.protocol.oidc component. When certain conditions are met, the reject-ropc-grant executor is silently bypassed, allowing unauthenticated...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from the possibility for remote, unauthenticated attackers to send specially crafted SOAP requests to the SAML ECP endpoint. These requests are accompanied ...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability stems from administrators with limited client management privileges being able to exploit the loophole in the fine-grained administrator...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak itself. There is a security vulnerability in Keycloak. This vulnerability stems from the fact that authenticated administrators with the manage-clients role can exploit the vulnerability in the name-based...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak. There is a security vulnerability in Keycloak. This vulnerability arises when user accounts are temporarily locked due to failed login attempts. Attackers with valid client credentials can exploit the revers...
Keycloak 安全漏洞
Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability. This vulnerability allows remote attackers with high privileges—such as domain administrators who configure malicious LDAP servers or attackers who disrupt...