CVE-2026-4282

Опубликовано: 02 апр. 2026

Источник: nvd

CVSS3: 7.4

EPSS Низкий

Описание

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens, resulting in privilege escalation.

Ссылки

EPSS

Процентиль: 14%

0.00044

Низкий

7.4 High

CVSS3

Дефекты

CWE-653

Связанные уязвимости

CVE-2026-4282

CVSS3: 7.4

redhat

8 дней назад

CVE-2026-4282

CVSS3: 7.4

debian

8 дней назад

A flaw was found in Keycloak. The SingleUseObjectProvider, a global ke ...

GHSA-hj93-h7pg-fh6v

CVSS3: 7.4

github

8 дней назад

Keycloak: Privilege escalation via forged authorization codes due to SingleUseObjectProvider isolation flaw

EPSS

Процентиль: 14%

0.00044

Низкий

7.4 High

CVSS3

Дефекты

CWE-653