CNNVD-202601-3439 Information

CNNVD ID

CNNVD-202601-3439

Related CVE

CVE-2025-14559

• CNNVD Published: 2026-01-21

Description (Chinese)

Keycloak是Keycloak开源的一种开源身份和访问管理解决方案。 Keycloak存在安全漏洞，该漏洞源于令牌交换实现存在业务逻辑漏洞，可能导致为已禁用用户颁发访问和刷新令牌，引发未经授权的权限使用。

Description (English)

Keycloak is an open-source identity and access management solution for Keycloak. There is a security loophole in Keycloak, which stems from the business logic gap of token exchange, which may lead to the issuance of access and the updating of tokens for banned users, triggering unauthorized access.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Keycloak

Published

2026-01-21

Last Modified

2026-02-24

References

https://access.redhat.com/security/cve/CVE-2025-14559 https://bugzilla.redhat.com/show_bug.cgi?id=2421711