Lucene search
K

4 matches found

NVD
NVD
added 2026/02/09 8:15 p.m.5 views

CVE-2026-1486

A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider IdP is enabled before issuing tokens. The issuer lookup mechanism lookupIdentityProviderFromIssuer retrieves the IdP configuration but does not filter...

8.8CVSS0.00449EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/09 6:36 p.m.4 views

CVE-2026-1486

A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider IdP is enabled before issuing tokens. The issuer lookup mechanism lookupIdentityProviderFromIssuer retrieves the IdP configuration but does not filter...

8.8CVSS5.5AI score0.00449EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/09 6:36 p.m.4 views

CVE-2026-1486

A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider IdP is enabled before issuing tokens. The issuer lookup mechanism lookupIdentityProviderFromIssuer retrieves the IdP configuration but does not filter...

8.8CVSS5.6AI score0.00449EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.9 views

Keycloak 安全特征问题漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. There is a security vulnerability in Keycloak, which stems from the jwt-authorization-grant process. During token issuance, the server does not verify whether the identity provider is enabled. This...

8.8CVSS5.8AI score0.00449EPSS
Exploits0References4
Rows per page
Query Builder