Lucene search
K

6 matches found

NVD
NVD
added 2026/05/19 12:16 p.m.14 views

CVE-2026-37982

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

6.8CVSS0.0044EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/19 10:52 a.m.54 views

CVE-2026-37982 Keycloak: org.keycloak.authentication: keycloak: unauthorized account takeover via webauthn token replay

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

6.8CVSS0.0044EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/19 10:52 a.m.8 views

CVE-2026-37982 Keycloak: org.keycloak.authentication: keycloak: unauthorized account takeover via webauthn token replay

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

6.8CVSS5.8AI score0.0044EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/19 10:52 a.m.17 views

EUVD-2026-30886

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

6.8CVSS5.8AI score0.0044EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/19 10:52 a.m.11 views

CVE-2026-37982

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

6.8CVSS5.8AI score0.0044EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.15 views

PT-2026-41872

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in the WebAuthn Web Authentication flow allows a remote attacker to replay ExecuteActionsActionToken tokens. By intercepting an execute-actions email link, an attacker can register...

6.8CVSS5.8AI score0.0044EPSS
Exploits0References6
Rows per page
Query Builder