4149 matches found
CVE-2026-2733 Org.keycloak/keycloak-services: keycloak: missing check on disabled client for docker registry protocol
A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously...
CVE-2026-2733
A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously...
CVE-2026-2733
Summary: CVE-2026-2733 affects Keycloak’s Docker v2 authentication endpoint via the org.keycloak/keycloak-services component. The root cause is a missing check on a disabled client, allowing tokens to be issued even after the client has been turned OFF. This weakens administrative controls and co...
Keycloak authorization issue vulnerability
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has an authorization issue, which stems from logical problems with the Docker v2 authentication endpoint. Even if the Docker registry client is disabled by administrators, tokens are still issued,...
PT-2026-20651
A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously...
PT-2026-20653
Name of the Vulnerable Software and Affected Versions: Apache Camel versions 4.10.0 through 4.10.7; Apache Camel versions 4.14.0 through 4.14.4; Apache Camel versions 4.15.0 through 4.17.9. Description: The LevelDB component in Apache Camel contains a flaw where it deserializes data from the LevelDB...
PT-2026-20652
Name of the Vulnerable Software and Affected Versions: Apache Camel versions 4.15.0 through 4.17.9. Description: The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss (issuer) claim of JWT tokens against the configured realm. This allows a token issued by one Keycloak realm to be silentl...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +145 more potentially affected by CVE-2026-2575 via org.keycloak:keycloak-services (>=1.9.0.CR1 <=26.5.3)
org.keycloak:keycloak-services MAVEN version =1.9.0.CR1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.0, =1.2.0 and more Source cves: CVE-2026-2575 Source advisory: SNYK:JAVA-ORGKEYCLOAK-15304465 https://vulners.com/snyk/SNYK:JAVA-ORG...
org.keycloak:keycloak-saml-adapter-galleon-pack (>=21.1.0 <=26.5.3), org.keycloak:keycloak-saml-jakarta-servlet-filter-adapter (>=21.1.0 <=22.0.4) +28 more potentially affected by CVE-2026-2575 via org.keycloak:keycloak-saml-adapter-core (>=1.9.0.CR1 <=26.5.3)
org.keycloak:keycloak-saml-adapter-core MAVEN version =1.9.0.CR1, =21.1.0, =21.1.0, =1.9.0.CR1, =1.9.0.CR1, =1.9.0.CR1, =1.9.0.CR1, =1.9.0.CR1, =1.9.0.CR1, =20.0.0, =20.0.0, =1.9.0.CR1, =20.0.0, =1.9.0.CR1, =20.0.0, =1.9.0.CR1, =1.9.8.Final and more Source cves: CVE-2026-2575 Source advisory:...
com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak (=24.3.0.0), com.github.wnameless.spring.boot.up:spring-boot-up-keycloak-plugin (=24.3.0.0) +65 more potentially affected by CVE-2026-2575 via org.keycloak:keycloak-saml-core (>=1.9.0.CR1 <=26.5.3)
org.keycloak:keycloak-saml-core MAVEN version =1.9.0.CR1, =2.5.6-24.0, =1.0.0-25.0, =0.1.0, =2.1, =8.1, =2.1, =26.3.0, =26.1.0, =26.4.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.5.3 and more Source cves: CVE-2026-2575 https://vulners.com/cve/CVE-20...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the SAMLRequest DEFLATE decompression. An...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview: org.keycloak:keycloak-saml-core is an Identity and Access Management plugin for Keycloak. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the SAMLRequest DEFLATE decompression. An attacker can cause service disruption...
Improper Handling of Highly Compressed Data (Data Amplification)
Overview: Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the SAMLRequest DEFLATE decompression. An attacker can cause service disruption by sending highly compressed requests that trigger excessive resource consumption durin...
PT-2026-8388
Name of the Vulnerable Software and Affected Versions: Rocket TRUfusion Enterprise versions through 7.10.5. Description: Rocket TRUfusion Enterprise through version 7.10.5 has a path traversal issue in the WsPortalV6UpDwAxis2Impl service, accessible via the API endpoint...
oidc-poc
OIDC SSO Proof of Concept Proof of concept for bidirectional...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +192 more potentially affected by CVE-2026-2366 via org.keycloak:keycloak-services (>=10.0.0 <=26.5.5)
org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...
Keycloak security vulnerability
Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability, which stems from an authorization bypass in the Admin API. This vulnerability may lead to information leakage...
Keycloak Detection Consolidation
Consolidation of Keycloak detections. SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include("plugin_feed_info.inc"); if (description...