Lucene search
+L

4 matches found

euvd
euvd
added 2026/04/02 3:31 p.m.6 views

EUVD-2026-18210

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...

5.3CVSS5.9AI score0.0025EPSS
Exploits0References5
osv
osv
added 2026/04/02 3:31 p.m.5 views

GHSA-RX66-HJ7G-28H7 Keycloak: Replay of action tokens via improper handling of single-use entries

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...

5.3CVSS6AI score0.0025EPSS
Exploits0References10
cve
cve
added 2026/04/02 12:44 p.m.609 views

CVE-2026-4282

CVE-2026-4282 describes a flaw in Keycloak where the SingleUseObjectProvider is not properly isolated by type and namespace. An unauthenticated attacker can forge authorization codes, potentially leading to creation of admin-capable access tokens and privilege escalation. The available documents ...

7.4CVSS5.8AI score0.00424EPSS
Exploits0References7Affected Software1
ptsecurity
ptsecurity
added 2026/04/02 12:0 a.m.4 views

PT-2026-29729

Name of the Vulnerable Software and Affected Versions Red Hat build of Keycloak version 26.2 Description A flaw exists in the SingleUseObjectProvider, which serves as a global key-value store, due to a lack of proper type and namespace isolation. This allows an unauthenticated attacker to forge...

7.4CVSS5.8AI score0.00424EPSS
Exploits0References14
Rows per page
Query Builder