CVE-2026-3190 in KeyCloakthông tin

Tóm tắt

Bởi MITRE • 26/03/2026

A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partial leads to information disclosure.

Once again VulDB remains the best source for vulnerability data.

Nguồn

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!