323 matches found
CVE-2026-56668
ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL's OAuth2 Token Exchange endpoint for urn:ietf:params:oauth:grant-type:token-exchange does not verify that the subject token belongs to the requesting client or that requested scopes remain within the original token's...
CVE-2026-56668
Product/Component : ZITADEL identity management platform (OAuth2 Token Exchange endpoint). Vulnerability : Prior to version 4.15.3, the endpoint for grant-type: token-exchange does not verify that the subject token belongs to the requesting client, nor ensure requested scopes stay within the orig...
CVE-2026-54893
URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender's email address into the URL path /users/from/sendMail without percent-encoding or validation. In applications that derive the from address...
PYSEC-2026-767 Access control issue in AlekSIS-Core
An access control issue in aleksis/core/util/authhelpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set...
PT-2026-55701
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. This occurs when consent...
CVE-2026-28744 Gitea Git smart HTTP bypasses repository token scopes for bearer tokens
Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks...
CVE-2026-28699
Summary: CVE-2026-28699 affects Gitea up to 1.26.1, where OAuth2 tokens presented via HTTP Basic authentication bypass scope enforcement. Root cause (from connected docs): In services/auth/basic.go, OAuth2 tokens are accepted through the Basic path with LoginMethod and IsApiToken set, but ApiToke...
CVE-2026-14614
A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...
UBUNTU-CVE-2026-14614
A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...
EUVD-2026-41556
A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...
CVE-2026-14614
The CVE-2026-14614 entry concerns Keycloak’s admin services, specifically the ClientResource component under FGAP v2. It describes a bypass where a delegated administrator can attach or remove hidden client scopes beyond their visibility/permission, potentially injecting unauthorized data or perm...
CVE-2026-14614
A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...
CVE-2026-14614 Keycloak-services: keycloak-services: fgap v2 client scope assignment bypass via clientresource
A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...
CVE-2026-14614
A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...
PT-2026-55550
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in the ClientResource component of the admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator with limited control...
GHSA-QJPC-QF9M-XWMR OpenClaw: Trusted-proxy Control UI WebSocket accepted client-declared scopes before pairing
Summary In trusted-proxy Control UI mode, OpenClaw accepted a WebSocket client's declared operator scopes before those scopes were bound to a server-approved pairing or trusted-proxy authorization baseline. This issue affects trusted-proxy Control UI deployments. It does not apply to shared-secre...
CVE-2026-6556
@fastify/express versions 4.0.6 and earlier only rewrite the plugin prefix for middleware mount paths when the path argument is a string. Non-string mount paths arrays of paths and regular expressions are left unprefixed inside prefixed plugin scopes, so middleware registered with those forms doe...
PT-2026-53878
Name of the Vulnerable Software and Affected Versions @fastify/express versions prior to 4.0.7 Description A middleware scoping flaw exists where plugin prefixes are not applied to middleware mount paths when the mount path is provided as an array or a regular expression. This occurs due to...
GO-2026-5321 Gitea: Git Smart HTTP Skips Repository Token Scopes for Bearer Tokens in code.gitea.io/gitea
Gitea: Git Smart HTTP Skips Repository Token Scopes for Bearer Tokens in code.gitea.io/gitea...
CVE-2026-54573 Authorization Bypass in API Key/OAuth Scopes via Path Parsing Discrepancy
Outline is a service that allows for collaborative documentation. Prior to 1.8.0, the AuthenticationHelper.canAccess function uses ctx.originalUrl to verify if an API key or OAuth token has the required scopes for a request. It extracts the resource by splitting the URL by / and taking the last...