CVE-2026-4630

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.8 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N                                    

Vulnerability Description

A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference (IDOR) vulnerability in the Authorization Services Protection API endpoint. By knowing or obtaining a resource's unique identifier (UUID) belonging to another Resource Server within the same realm, the client could bypass authorization checks. This allows the client to perform unauthorized GET, PUT, and DELETE operations on resources, leading to information disclosure and potential unauthorized modification or deletion of data.

Vulnerability Details

Published Date

May 19, 2026

Last Modified

May 20, 2026

CWE ID

CWE-639

Source

NVD

External References

https://access.redhat.com/security/cve/CVE-2026-4630
https://bugzilla.redhat.com/show_bug.cgi?id=2450245

CVE-2026-4630

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment