4 matches found
CVE-2026-14781
A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...
A grant cannot be removed if the user has already claimed/withdrawn all his tokens beforehand
Lines of code Vulnerability details The revokeGrant is used to removes a grant. Any available vested tokens will be sent to the grant recipient. Any remaining unvested tokens will be sent to the vesting manager. But in the case when the user has already claimed all his tokens, the revokeGrant wil...
Possible bypass of token claim validation when OAuth2 Introspection caching is enabled
Impact When you make a request to an endpoint that requires the scope foo using an access token granted with that foo scope, introspection will be valid and that token will be cached. The problem comes when a second requests to an endpoint that requires the scope bar is made before the cache has...
Insecure Token Validation
github.com/ory/oathkeeper is using an insecure token validation. It bypasses token claim validation once a token is in the cache. The vulnerability exists only when caching is not disabled...