Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-hj93-h7pg-fh6v

Опубликовано: 02 апр. 2026
Источник: github
Github: Прошло ревью
CVSS3: 7.4

Описание

Keycloak: Privilege escalation via forged authorization codes due to SingleUseObjectProvider isolation flaw

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens, resulting in privilege escalation.

Ссылки

Пакеты

Наименование

org.keycloak:keycloak-services

maven
Затронутые версииВерсия исправления

< 26.5.7

26.5.7

EPSS

Процентиль: 14%
0.00044
Низкий

7.4 High

CVSS3

CVE ID

CVE-2026-4282

Дефекты

CWE-653

Связанные уязвимости

redhat логотип

CVE-2026-4282

CVSS3: 7.4
redhat
8 дней назад

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens, resulting in privilege escalation.

nvd логотип

CVE-2026-4282

CVSS3: 7.4
nvd
8 дней назад

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens, resulting in privilege escalation.

debian логотип

CVE-2026-4282

CVSS3: 7.4
debian
8 дней назад

A flaw was found in Keycloak. The SingleUseObjectProvider, a global ke ...

EPSS

Процентиль: 14%
0.00044
Низкий

7.4 High

CVSS3

CVE ID

CVE-2026-4282

Дефекты

CWE-653