200 matches found

Cvelist
added 6 days ago | 19 views

CVE-2026-11800 org.keycloak:keycloak-services: Keycloak: authentication bypass via JWT algorithm confusion

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to...

CVSS 8.1 | EPSS 0.0019
Exploits: 0 | References: 4
Snyk
added 2026/06/08 12:0 a.m. | 7 views

Incorrect Authorization

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Authorization via the partialImport feature. An attacker can gain unauthorized administrative...

CVSS 8.6 | AI score 5.9 | EPSS 0.00329
Exploits: 0 | References: 2
RedhatCVE
added 2026/06/05 7:48 a.m. | 10 views

CVE-2026-9088

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied,...

CVSS 2.7 | AI score 5 | EPSS 0.00348
Exploits: 0 | References: 3
Snyk
added 2026/06/05 7:45 a.m. | 6 views

Insufficient Granularity of Access Control

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in the getMembers methods that serve the group members endpoint. A...

CVSS 5.1 | AI score 5.4 | EPSS 0.00348
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/05 12:0 a.m. | 15 views

PT-2026-46909

Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified. Description: A flaw in org.keycloak.services allows an administrator with delegated access to read group memberships and users to bypass user profile permissions. By accessing the group members endpoint,...

CVSS 2.7 | AI score 5.7 | EPSS 0.00348
Exploits: 0 | References: 9
vulnersOsv
added 2026/05/28 4:3 a.m. | 6 views

com.github.vzakharchenko:keycloak-plugins (>=1.1.0 <=1.2.3), com.github.vzakharchenko:mikrotik-radius-plugin (>=1.1.0 <=1.2.3) +15 more potentially affected by CVE-2026-9803 via org.keycloak:keycloak-services (>=9.0.0 <=9.0.3)

org.keycloak:keycloak-services MAVEN version =9.0.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.2.0, =1.3, =9.0.0, =9.0.0, =9.0.0, =9.0.0, =9.0.0, =9.0.3 and more Source cves: CVE-2026-9803 Source advisory: SNYK:JAVA-ORGKEYCLOAK-17082663...

CVSS 5.3 | AI score 5.4 | EPSS 0.00417
Exploits: 0
Snyk
added 2026/05/28 4:3 a.m. | 9 views

Out-of-bounds Read

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Out-of-bounds Read via the authorization header parsing in the ClientRegistrationAuth component. An attacker...

CVSS 6.9 | AI score 5.9 | EPSS 0.00417
Exploits: 0 | References: 2
vulnersOsv
added 2026/05/28 3:53 a.m. | 8 views

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +219 more potentially affected by CVE-2026-9798 via org.keycloak:keycloak-services (>=10.0.0 <=9.0.3)

org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =0.1, =0.1, =1.0.1, =0.1, =1.0.1, =0.1, =1.2.0, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...

CVSS 4.3 | AI score 5.4 | EPSS 0.00206
Exploits: 0
Snyk
added 2026/05/28 3:53 a.m. | 9 views

Authentication Bypass by Primary Weakness

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via the Client-Initiated Backchannel Authentication (CIBA) flow. An...

CVSS 4.3 | AI score 5.9 | EPSS 0.00206
Exploits: 0 | References: 2
Snyk
added 2026/05/28 3:32 a.m. | 11 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition in the role rename endpoint. An attacker can gain unauthorize...

CVSS 8.5 | AI score 5.9 | EPSS 0.00186
Exploits: 0 | References: 2
vulnersOsv
added 2026/05/28 3:32 a.m. | 7 views

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +219 more potentially affected by CVE-2026-9796 via org.keycloak:keycloak-services (>=10.0.0 <=9.0.3)

org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =0.1, =0.1, =1.0.1, =0.1, =1.0.1, =0.1, =1.2.0, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...

CVSS 6.5 | AI score 5.4 | EPSS 0.00186
Exploits: 0
Snyk
added 2026/05/28 3:15 a.m. | 5 views

Information Exposure

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Information Exposure via the SAML ECP endpoint when specially crafted SOAP requests are sent with varying...

CVSS 6.9 | AI score 5.4 | EPSS 0.00331
Exploits: 0 | References: 2
vulnersOsv
added 2026/05/28 3:12 a.m. | 7 views

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +219 more potentially affected by CVE-2026-9793 via org.keycloak:keycloak-services (>=10.0.0 <=9.0.3)

org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =0.1, =0.1, =1.0.1, =0.1, =1.0.1, =0.1, =1.2.0, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...

CVSS 7.5 | AI score 5.4 | EPSS 0.0012
Exploits: 0
Snyk
added 2026/05/28 3:8 a.m. | 11 views

Incorrect Authorization

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Authorization via the user-facing APIs when the Organizations feature is disabled. An attacker can...

CVSS 7.1 | AI score 5.3 | EPSS 0.00214
Exploits: 0 | References: 2
vulnersOsv
added 2026/05/27 10:18 a.m. | 8 views

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +219 more potentially affected by CVE-2026-9689 via org.keycloak:keycloak-services (>=10.0.0 <=9.0.3)

org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =0.1, =0.1, =1.0.1, =0.1, =1.0.1, =0.1, =1.2.0, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...

CVSS 4.2 | AI score 5.4 | EPSS 0.00213
Exploits: 0
Snyk
added 2026/05/27 10:18 a.m. | 5 views

Improper Validation of Consistency within Input

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Validation of Consistency within Input via the authentication process when a client is configured wi...

CVSS 4.2 | AI score 5.9 | EPSS 0.00213
Exploits: 0 | References: 2
Snyk
added 2026/05/20 2:53 p.m. | 8 views

Authorization Bypass Through User-Controlled Key

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the cross-session email verification process. An attacker...

CVSS 8.1 | AI score 5.4 | EPSS 0.00312
Exploits: 0 | References: 2
vulnersOsv
added 2026/05/19 12:31 p.m. | 5 views

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +174 more potentially affected by CVE-2026-7571 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.6.1)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...

CVSS 7.1 | AI score 5.4 | EPSS 0.00344
Exploits: 0
vulnersOsv
added 2026/05/19 12:31 p.m. | 5 views

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +174 more potentially affected by CVE-2026-7504 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.6.1)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...

CVSS 8.1 | AI score 5.4 | EPSS 0.005
Exploits: 0
vulnersOsv
added 2026/05/19 12:31 p.m. | 5 views

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +174 more potentially affected by CVE-2026-7507 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.6.1)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...

CVSS 7.5 | AI score 5.4 | EPSS 0.00418
Exploits: 0