Lucene search
K

4 matches found

RedHat Linux
RedHat Linux
added 2026/06/10 5:38 p.m.8 views

keycloak: Keycloak: Privilege escalation due to oversized subject_token JWT

A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subjecttoken JSON Web Token JWT to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client...

8.8CVSS5.4AI score0.0032EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/27 12:56 p.m.11 views

CVE-2026-9704 Keycloak: keycloak: privilege escalation due to oversized subject_token jwt

A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subjecttoken JSON Web Token JWT to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client...

6.8CVSS5.8AI score0.0032EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:56 p.m.9 views

CVE-2026-9704

A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subjecttoken JSON Web Token JWT to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client...

8.8CVSS5.8AI score0.0032EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.19 views

PT-2026-43993

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description An authenticated user with low privileges can achieve privilege escalation by sending an oversized JSON Web Token JWT, which is a compact, URL-safe means of representing claims to be...

8.8CVSS5.8AI score0.0032EPSS
Exploits0References12
Rows per page
Query Builder