CNNVD-202601-4462 Information

CNNVD ID

CNNVD-202601-4462

Related CVE

CVE-2025-13881

• CNNVD Published: 2026-01-27

Description (Chinese)

Keycloak是Keycloak开源的一种开源身份和访问管理解决方案。 Keycloak存在安全漏洞，该漏洞源于管理员API权限控制不当，可能导致受限管理员检索敏感用户属性。

Description (English)

Keycloak is an open-source identity and access management solution for Keycloak. There is a security loophole in Keycloak, which stems from inadequate control of the API privileges of the administrator, which could lead to restricted administrators retrieving sensitive user attributes.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

Keycloak

Published

2026-01-27

Last Modified

2026-02-24

References

https://access.redhat.com/security/cve/CVE-2025-13881 https://bugzilla.redhat.com/show_bug.cgi?id=2418330 https://access.redhat.com/security/cve/cve-2025-13881

Patch

https://www.keycloak.org/