CNNVD-202602-1308 Information

CNNVD ID

CNNVD-202602-1308

Related CVE

CVE-2026-1529

• CNNVD Published: 2026-02-09

Description (Chinese)

Keycloak是Keycloak开源的一种开源身份和访问管理解决方案。 Keycloak存在安全漏洞，该漏洞源于缺乏加密签名验证，攻击者可能通过修改邀请令牌JWT有效载荷中的组织ID和目标电子邮件，成功自注册到未经授权的组织。

Description (English)

Keycloak is an open-source identity and access management solution for Keycloak. There is a security loophole in Keycloak, which stems from the lack of encrypted signature authentication, and the assailants may have successfully registered themselves with unauthorized organizations by modifying the organizational ID and target e-mail in the invitation token JWT payload.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Keycloak

Published

2026-02-09

Last Modified

2026-02-24

References

https://access.redhat.com/errata/RHSA-2026:2364 https://access.redhat.com/security/cve/CVE-2026-1529 https://bugzilla.redhat.com/show_bug.cgi?id=2433783 https://access.redhat.com/security/cve/cve-2026-1529