Lucene search
+L

9 matches found

redhat
redhat
added 2026/06/25 5:36 p.m.4 views

keycloak: Keycloak: Unauthorized access to resources via UMA permission ticket bypass

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS5.7AI score0.00166EPSS
Exploits0References4
nvd
nvd
added 2026/06/25 5:17 p.m.9 views

CVE-2026-9799

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS0.00166EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/06/25 4:17 p.m.6 views

CVE-2026-9799 Keycloak: keycloak: unauthorized access to resources via uma permission ticket bypass

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References6
cvelist
cvelist
added 2026/06/25 4:17 p.m.36 views

CVE-2026-9799 Keycloak: keycloak: unauthorized access to resources via uma permission ticket bypass

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS0.00166EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/06/25 4:17 p.m.6 views

CVE-2026-9799

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References7
cve
cve
added 2026/06/25 4:17 p.m.20 views

CVE-2026-9799

Affects Keycloak’s authorization component (org.keycloak.authorization). The vulnerability allows an authenticated user with a granted UMA permission ticket for one resource to bypass per-resource access control by using a specific permission request prefix, granting access to all resources of th...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References6Affected Software1
euvd
euvd
added 2026/06/25 4:17 p.m.6 views

EUVD-2026-39475

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/25 4:2 p.m.5 views

CVE-2026-9799

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.10 views

PT-2026-52509

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in org.keycloak.authorization allows an authenticated user who possesses a User-Managed Access UMA permission ticket for a single resource to bypass per-resource access control. By...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References8
Rows per page
Query Builder