Lucene search
+L

6 matches found

nvd
nvd
added 2026/05/28 5:16 a.m.20 views

CVE-2026-9793

A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...

7.5CVSS0.0012EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/28 3:44 a.m.11 views

CVE-2026-9793

A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...

5.9CVSS5.8AI score0.0012EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/28 3:44 a.m.14 views

CVE-2026-9793 Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing

A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...

5.9CVSS5.8AI score0.0012EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/28 3:44 a.m.40 views

CVE-2026-9793 Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing

A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...

5.9CVSS0.0012EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/05/28 3:44 a.m.20 views

CVE-2026-9793

A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...

7.5CVSS5.7AI score0.0012EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/28 12:0 a.m.20 views

PT-2026-44184

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists where Keycloak may incorrectly process unsigned claims when a JSON Web Encryption JWE encrypted request object is submitted, provided the decrypted content is raw JSON. This...

7.5CVSS5.5AI score0.0012EPSS
Exploits0References5
Rows per page
Query Builder