34 matches found
CVE-2026-53913
CVE-2026-53913 – Apache Camel Keycloak (camel-keycloak) : The vulnerability arises because the KeycloakSecurityPolicy performs token verification only inside role and permission checks. By default, requiredRoles and requiredPermissions are empty, causing these checks to be skipped while the polic...
PT-2026-55890
Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.18.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.x Description Insufficient session expiration in the Apache Camel Keycloak Component occurs because the KeycloakSecurityHelper.parseAndVerifyAccessToken...
CVE-2026-4636
A flaw was found in Keycloak. An authenticated user with the umaprotection role can bypass User-Managed Access UMA policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...
Apache Camel 4.15.0 < 4.18.0 Authentication Bypass (CVE-2026-23552)
The version of Apache Camel on the remote host is 4.15.0 prior to 4.18.0. It is, therefore, affected by an authentication bypass vulnerability: - The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one...
CVE-2026-23552
Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error via the KeycloakSecurityPolicy which does not validate the iss issuer claim of JWT tokens against the configured realm. An attacker can gain unauthorized access to resources by providing a JWT token issued by a...
CVE-2026-23552 Apache Camel: Camel-Keycloak: Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy
Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...
CVE-2026-23552 Apache Camel: Camel-Keycloak: Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy
Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepted by a policy...
Apache Camel 安全漏洞
Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern from the Apache Foundation in the United States. This framework provides implementations of Java objects following the Enterprise Integration Pattern and allows routing and mediation rules to be...
PT-2026-20652
Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.15.0 through 4.17.9 Description The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss issuer claim of JWT tokens against the configured realm. This allows a token issued by one Keycloak realm to be silentl...
Exploit for CVE-2026-23552
CVE-2026-23552 - Cross-Realm Token Acceptance in camel-keycloa...
EUVD-2019-0420
Malware in sbrugna...
EUVD-2023-1780
Malicious code in bioql PyPI...
EUVD-2022-5850
Malicious code in bioql PyPI...
EUVD-2023-0967
Malicious code in bioql PyPI...
EUVD-2025-4583
Malicious code in bioql PyPI...
EUVD-2024-2787
Malicious code in bioql PyPI...
CVE-2025-7784 Org.keycloak/keycloak-services: privilege escalation in keycloak admin console (fgapv2 enabled)
A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin PermissionsFGAPv2 are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorize...
CVE-2025-7784
CVE-2025-7784 - Keycloak FGAPv2 Privilege Escalation This entry describes a privilege-escalation vulnerability in Keycloak when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user who holds the manage-users role can elevate themselves to realm-admin due to improper privile...
Account Takeover
org.keycloak, keycloak-services is vulnerable to Account Takeover. The vulnerability is due to insufficient validation during account merging and email verification, which allows an attacker to change their email to the victim's address and trigger a verification email to the victim...