CNNVD-202602-1309 Information

CNNVD ID

CNNVD-202602-1309

CVE-2026-1486

  • CNNVD Published: 2026-02-09

Description (Chinese)

Keycloak is an open-source identity and access management solution from the Keycloak project. Keycloak has a security feature issue vulnerability, which stems from the jwt-authorization-grant flow: the server does not verify whether the identity provider is enabled before issuing a token, which could allow an attacker to produce a valid assertion using the signing key of a disabled identity provider.

Description (English)

Keycloak is an open-source identity and access management solution from the Keycloak project. Keycloak has a security feature issue vulnerability: in the jwt-authorization-grant flow, the server fails to verify whether the identity provider is enabled before issuing a token, which could allow an attacker to produce a valid assertion using the signing key of a disabled identity provider.

Hazard Level

Medium

Vulnerability Type

Security feature issue

Affected Vendor

Keycloak

Published

2026-02-09

Last Modified

2026-02-24

References

https://access.redhat.com/security/cve/CVE-2026-1486
https://bugzilla.redhat.com/show_bug.cgi?id=2433347
https://access.redhat.com/security/cve/cve-2026-1486