CVE-2026-16072
CVE-2026-16072 affects Keycloak’s organization management component. A delegated administrator with org-management permissions can create an invitation for a non-existent email address and then fetch the secret registration link via the API, enabling creation of new user accounts and their additi...