keycloak: Keycloak Policy Enforcer: Authorization bypass via incorrect URI comparison

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

CVE-2026-9800

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

CVE-2026-9800 Keycloak: keycloak policy enforcer: authorization bypass via incorrect uri comparison

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

CVE-2026-9800

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

CVE-2026-9800 Keycloak: keycloak policy enforcer: authorization bypass via incorrect uri comparison

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

EUVD-2026-39471

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

CVE-2026-9800

CVE-2026-9800 affects Keycloak Policy Enforcer. The issue allows any authenticated user to bypass authorization checks (roles, scopes, UMA) by leveraging the configured access-denied page path in the request URL, either as a path segment or a query parameter. Root cause described in records as an...

CVE-2026-9800

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access UMA permission checks. By including the configured access-denied page path within a request URL, either as a path...

PT-2026-44464

Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions 14.0.0 through 29.0.1 Description The RBAC policy enforcer in the enforce call function unconditionally merges the raw JSON request body into the policy enforcement dictionary using policy dict.updatejson input.copy...

CVE-2026-42999

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

CVE-2026-42999

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

CVE-2026-42999

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...

SUSE CVE-2026-32727

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot .. in the scope claim of a token to escape the intended directory restriction. This occurs because the library...

EUVD-2026-17292

SciTokens has an Authorization Bypass via Path Traversal in Scope Validation...

EUVD-2026-17294

SciTokens has an Authorization Bypass via Incorrect Scope Path Prefix Checking...

SciTokens has an Authorization Bypass via Incorrect Scope Path Prefix Checking

Summary The Enforcer incorrectly validates scope paths by using a simple prefix match startswith. This allows a token with access to a specific path e.g., /john to also access sibling paths that start with the same prefix e.g., /johnathan, /johnny, which is an Authorization Bypass. Details File:...

GHSA-W8FP-G9RH-34JH SciTokens has an Authorization Bypass via Incorrect Scope Path Prefix Checking

Summary The Enforcer incorrectly validates scope paths by using a simple prefix match startswith. This allows a token with access to a specific path e.g., /john to also access sibling paths that start with the same prefix e.g., /johnathan, /johnny, which is an Authorization Bypass. Details File:...

CVE-2026-32716

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enforcer incorrectly validates scope paths by using a simple prefix match startswith. This allows a token with access to a specific path e.g., /john to also access sibling paths that start with the sa...

CVE-2026-32727

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot .. in the scope claim of a token to escape the intended directory restriction. This occurs because the library...

Improper Authorization

Overview scitokens is a SciToken reference implementation library Affected versions of this package are vulnerable to Improper Authorization via the validatescp and validatescope functions. An attacker can gain unauthorized access to sibling paths by crafting tokens with scope paths that share a...