4149 matches found
CVE-2026-33871 vulnerabilities
Vulnerabilities for packages: hono, seata, spark-fips, keycloak, pinot, akhq, knative-kafka-broker-fips, flyway-fips, kayenta, thingsboard, camunda-zeebe, opensearch, opensearch-fips, spark, elasticsearch-fips, infinispan, kafka-bridge-fips, kafbat-ui-fips, kserve-modelmesh, strimzi-kafka-operato...
CVE-2026-33870 vulnerabilities
Vulnerabilities for packages: celeborn, apache-pulsar, apache-activemq-artemis, wildfly, thingsboard, neo4j, strimzi-kafka-operator, flyway, keycloak, opensearch, zipkin, spark, wavefront-proxy, tez, trino, logstash, druid, kserve-modelmesh, akhq, management-api-for-apache-cassandra-5.0,...
GHSA-PWQR-WMGM-9RR8 vulnerabilities
Vulnerabilities for packages: celeborn, apache-pulsar, apache-activemq-artemis, wildfly, thingsboard, neo4j, strimzi-kafka-operator, flyway, keycloak, opensearch, zipkin, spark, wavefront-proxy, tez, trino, logstash, druid, kserve-modelmesh, akhq, management-api-for-apache-cassandra-5.0,...
CVE-2026-33870 vulnerabilities
Vulnerabilities for packages: hono, seata, spark-fips, keycloak, pinot, akhq, knative-kafka-broker-fips, flyway-fips, kayenta, thingsboard, wavefront-proxy, camunda-zeebe, opensearch, opensearch-fips, spark, elasticsearch-fips, infinispan, kafka-bridge-fips, kafbat-ui-fips, kserve-modelmesh,...
com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11), com.github.vzakharchenko:cisco-radius-plugin (>=1.4.10 <=1.4.11) +62 more potentially affected by CVE-2026-3190 via org.keycloak:keycloak-model-jpa (>=1.0-alpha-1-12062013 <=26.5.5)
org.keycloak:keycloak-model-jpa MAVEN version =1.0-alpha-1-12062013, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =5.1.0-26.1, =2.5.6-24.0, =0.1.1, =0.1.1-rc3 and more Source cves: CVE-2026-3190 Source advisory:...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +160 more potentially affected by CVE-2026-3190 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.5.5)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.0, =1.2.0 and more Source cves: CVE-2026-3190 Source advisory: OSV:GHSA-Q35R-VVHV-VX5Hhttps://vulners.com/osv/OSV:GHSA-Q35R-VVHV-...
EUVD-2026-16309
A flaw was found in Keycloak. The User-Managed Access UMA 2.0 Protection API endpoint for permission tickets fails to enforce the umaprotection role check. This allows any authenticated user with a token issued for a resource server client, even without the umaprotection role, to enumerate all...
EUVD-2026-16307
A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +160 more potentially affected by CVE-2026-3121 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.5.5)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.0, =1.2.0 and more Source cves: CVE-2026-3121 Source advisory: OSV:GHSA-7XF9-4JFC-WGM4https://vulners.com/osv/OSV:GHSA-7XF9-4JFC-...
GHSA-7XF9-4JFC-WGM4 Keycloak: manage-clients permission escalates to full realm admin access
A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...
GHSA-Q35R-VVHV-VX5H Keycloak: Missing Role Enforcement on UMA 2.0 Permission Ticket Endpoint Leads to Information Disclosure
A flaw was found in Keycloak. The User-Managed Access UMA 2.0 Protection API endpoint for permission tickets fails to enforce the umaprotection role check. This allows any authenticated user with a token issued for a resource server client, even without the umaprotection role, to enumerate all...
Keycloak: Missing Role Enforcement on UMA 2.0 Permission Ticket Endpoint Leads to Information Disclosure
A flaw was found in Keycloak. The User-Managed Access UMA 2.0 Protection API endpoint for permission tickets fails to enforce the umaprotection role check. This allows any authenticated user with a token issued for a resource server client, even without the umaprotection role, to enumerate all...
Keycloak: manage-clients permission escalates to full realm admin access
A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...
CVE-2026-3121
A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...
CVE-2026-3190
A flaw was found in Keycloak. The User-Managed Access UMA 2.0 Protection API endpoint for permission tickets fails to enforce the umaprotection role check. This allows any authenticated user with a token issued for a resource server client, even without the umaprotection role, to enumerate all...
CVE-2026-3121 Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission
A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...
CVE-2026-3121 Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission
A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...
CVE-2026-3121
CVE-2026-3121 describes privilege escalation in Keycloak where an administrator with manage-clients permission can leverage a misconfiguration to gain full realm admin access when realm-level admin permissions are enabled. Connected Red Hat advisories (RHSA-2026:6478, RHSA-6477, and RHSA-6477-CVE...
CVE-2026-3121
A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...
CVE-2026-3190 Keycloak: keycloak: information disclosure via improper role enforcement in uma 2.0 protection api
A flaw was found in Keycloak. The User-Managed Access UMA 2.0 Protection API endpoint for permission tickets fails to enforce the umaprotection role check. This allows any authenticated user with a token issued for a resource server client, even without the umaprotection role, to enumerate all...