Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

12 matches found

Snyk
Snykadded 2026/03/23 9:30 a.m.1 views

Access Control Bypass

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Access Control Bypass due to incomplete enforcement of access control checks on PUT operations to the...

5.3CVSS5.8AI score0.00203EPSS
Exploits0References2
EUVD
EUVDadded 2026/03/23 9:30 a.m.3 views

EUVD-2026-14389

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access UMA resourceset endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...

4.3CVSS5.8AI score0.00203EPSS
Exploits0References3
OSV
OSVadded 2026/03/23 9:30 a.m.2 views

GHSA-4PGC-GFRR-WCMG Keycloak has Improper Access Control that allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access UMA resourceset endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...

4.3CVSS5.8AI score0.00203EPSS
Exploits0References4
NVD
NVDadded 2026/03/23 9:16 a.m.1 views

CVE-2026-4628

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access UMA resourceset endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...

4.3CVSS0.00203EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/03/23 8:9 a.m.2 views

CVE-2026-4628

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access UMA resourceset endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...

4.3CVSS5.8AI score0.00203EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/03/23 8:9 a.m.26 views

CVE-2026-4628 Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access UMA resourceset endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...

4.3CVSS0.00203EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/03/23 8:9 a.m.1 views

CVE-2026-4628 Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access UMA resourceset endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...

4.3CVSS5.8AI score0.00203EPSS
Exploits0References2
CVE
CVEadded 2026/03/23 8:9 a.m.15 views

CVE-2026-4628

Keycloak contains an improper access control flaw in the UMA resource_set endpoint. The vulnerability arises from incomplete enforcement of access checks on PUT operations, allowing authenticated users to bypass allowRemoteResourceManagement=false and modify protected resources, compromising data...

4.3CVSS5.8AI score0.00203EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVEadded 2026/03/23 8:8 a.m.4 views

CVE-2026-4628

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access UMA resourceset endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...

4.3CVSS5.6AI score0.00203EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/03/23 12:0 a.m.4 views

PT-2026-27067

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access UMA resource set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control...

4.3CVSS5.8AI score0.00203EPSS
Exploits0References3
NVD
NVDadded 2025/12/16 5:16 a.m.13 views

CVE-2025-14777

A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...

6CVSS0.00315EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2025/12/16 5:2 a.m.4 views

CVE-2025-14777

A flaw was found in Keycloak. An IDOR Broken Access Control vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...

6CVSS5.8AI score0.00315EPSS
Exploits0References5
Rows per page
Query Builder