CVE-2026-1529

EPSS 0.01%
Veröffentlicht 09.02.2026 18:36:15
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Org.keycloak.services.resources.organizations: keycloak: unauthorized organization registration via improper invitation token validation

A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token (JWT) payload. This lack of cryptographic signature verification allows the attacker to successfully self-register into an unauthorized organization, leading to unauthorized access.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

CNA 8 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 26.2

Default Statusaffected

Version 26.2.13-1

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 26.2

Default Statusaffected

Version 26.2-15

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 26.2

Default Statusaffected

Version 26.2-15

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 26.2.13

Default Statusunaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 26.4

Default Statusaffected

Version 26.4.9-1

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 26.4

Default Statusaffected

Version 26.4-11

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 26.4

Default Statusaffected

Version 26.4-10

Version < *

Status unaffected

HerstellerRed Hat

≫

Produkt Red Hat build of Keycloak 26.4.9

Default Statusunaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.019

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://access.redhat.com/security/cve/CVE-2026-1529

https://bugzilla.redhat.com/show_bug.cgi?id=2433783

https://access.redhat.com/errata/RHSA-2026:2364

https://access.redhat.com/errata/RHSA-2026:2365

https://access.redhat.com/errata/RHSA-2026:2366

https://access.redhat.com/errata/RHSA-2026:2363

https://nvd.nist.gov/vuln/detail/CVE-2026-1529

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-1529

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-1529

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-1529