6 matches found
CVE-2026-9793
A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...
CVE-2026-9793
A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...
CVE-2026-9793 Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing
A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...
CVE-2026-9793 Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing
A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...
CVE-2026-9793
A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...
PT-2026-44184
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists where Keycloak may incorrectly process unsigned claims when a JSON Web Encryption JWE encrypted request object is submitted, provided the decrypted content is raw JSON. This...