3.1
CVE-2026-2366
- EPSS 0.03%
- Veröffentlicht 12.03.2026 10:54:31
- Zuletzt bearbeitet 02.04.2026 14:16:27
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Keycloak: keycloak: information disclosure via authorization bypass in admin api
A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker knows the victim's unique identifier (UUID) and the Organizations feature is enabled.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerRed Hat
≫
Produkt
Red Hat build of Keycloak 26.4
Default Statusaffected
Version
26.4.11-1
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat build of Keycloak 26.4
Default Statusaffected
Version
26.4-14
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat build of Keycloak 26.4
Default Statusaffected
Version
26.4-14
Version <
*
Status
unaffected
HerstellerRed Hat
≫
Produkt
Red Hat build of Keycloak 26.4.11
Default Statusunaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.099 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 3.1 | 1.6 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.