CVE-2026-2366 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative p…
Low CVSS: 3.1

CVE-2026-2366

A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker knows the victim's unique identifier (UUID) and the Organizations feature is enabled.
Vendor
-
Product
-
CWE
CWE-639
Yayın Tarihi
2026-03-12 11:15:55
Güncelleme
2026-04-02 14:16:27
Source Identifier
secalert@redhat.com
KEV Date Added
-

Kategoriler

CWE-639 LOW 2026

Referanslar

https://access.redhat.com/errata/RHSA-2026:6477 https://access.redhat.com/errata/RHSA-2026:6478 https://access.redhat.com/security/cve/CVE-2026-2366 https://bugzilla.redhat.com/show_bug.cgi?id=2439081