CNNVD-202601-3440 Information

CNNVD ID

CNNVD-202601-3440

Related CVE

CVE-2026-1035

• CNNVD Published: 2026-01-21

Description (Chinese)

Keycloak是Keycloak开源的一种开源身份和访问管理解决方案。 Keycloak存在安全漏洞，该漏洞源于TokenManager类在处理刷新令牌时验证和更新操作非原子性，可能导致并发刷新请求绕过单次使用限制。

Description (English)

Keycloak is an open-source identity and access management solution for Keycloak. There is a security loophole in Keycloak, which stems from the fact that TokenManager class validates and updates the non-atomic nature of the operation when it handles a refreshing token, which may lead to the issuance of a refreshing request circumventing a single use limit.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

Keycloak

Published

2026-01-21

Last Modified

2026-02-24

References

https://access.redhat.com/security/cve/CVE-2026-1035 https://bugzilla.redhat.com/show_bug.cgi?id=2430314