CVE-2026-4628 vulnerabilities
Vulnerabilities for packages: keycloak-fips...
CVE-2026-4634 vulnerabilities
Vulnerabilities for packages: keycloak, keycloak-fips...
GHSA-F2HX-5FX3-HMCV vulnerabilities
Vulnerabilities for packages: keycloak, keycloak-fips...
CVE-2026-4636 vulnerabilities
Vulnerabilities for packages: keycloak, keycloak-fips...
CVE-2026-4282 vulnerabilities
Vulnerabilities for packages: keycloak, keycloak-fips...
CVE-2026-3872 vulnerabilities
Vulnerabilities for packages: keycloak, keycloak-fips...
GHSA-4PGC-GFRR-WCMG vulnerabilities
Vulnerabilities for packages: keycloak-fips...
EUVD-2026-18210
A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...
EUVD-2026-18208
A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens,...
EUVD-2026-18213
A flaw was found in Keycloak. An authenticated user with the umaprotection role can bypass User-Managed Access (UMA) policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +160 more potentially affected by CVE-2026-4636 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.5.6)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.0, =1.2.0 and more. Source CVEs: CVE-2026-4636. Source advisory: OSV:GHSA-F2HX-5FX3-HMCV https://vulners.com/osv/OSV:GHSA-F2HX-5FX3-...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +160 more potentially affected by CVE-2026-4325 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.5.6)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.0, =1.2.0 and more. Source CVEs: CVE-2026-4325. Source advisory: OSV:GHSA-RX66-HJ7G-28H7 https://vulners.com/osv/OSV:GHSA-RX66-HJ7G-...
EUVD-2026-18212
A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to high resource consumption and prolonged processing times, ultimate...
GHSA-H4WV-G838-66G3 Keycloak: Application-Level DoS via Scope Processing
A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to high resource consumption and prolonged processing times, ultimate...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +160 more potentially affected by CVE-2026-4282 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.5.6)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.0, =1.2.0 and more. Source CVEs: CVE-2026-4282. Source advisory: OSV:GHSA-HJ93-H7PG-FH6V https://vulners.com/osv/OSV:GHSA-HJ93-H7PG-...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +160 more potentially affected by CVE-2026-4634 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.5.6)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.0, =1.2.0 and more. Source CVEs: CVE-2026-4634. Source advisory: OSV:GHSA-H4WV-G838-66G3 https://vulners.com/osv/OSV:GHSA-H4WV-G838-...
Excessive Platform Resource Consumption within a Loop
Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Excessive Platform Resource Consumption within a Loop via the scope parameter processing in the OpenID Connec...
Improper Isolation or Compartmentalization
Overview: Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization through improper handling of single-use entries in the SingleUseObjectProvider, a global key-value store. An attacker can gain unauthorized access or compromise accounts by replaying consumed...
Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Behavior Order: Authorization Before Parsing and Canonicalization via the UMA Policy Resource user...
Improper Isolation or Compartmentalization
Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization through improper handling of single-use entries in the...