CVE-2026-4282 in Keycloak: Information

Summary (English)

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens, resulting in privilege escalation.


Responsible

redhat

Reserved

2026-03-16

Disclosed

2026-04-02

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID | Vulnerability | CWE | Exploitable | Countermeasure | CVE
354870 | Keycloak remote code execution | 653 | Undefined | Undefined | CVE-2026-4282

Sources
