PatchSiren cyber security CVE debrief
CVE-2026-4282 Red Hat CVE debrief
A flaw was found in Keycloak's SingleUseObjectProvider, a global key-value store that lacks proper type and namespace isolation. The flaw allows an unauthenticated attacker to forge authorization codes; successful exploitation can yield admin-capable access tokens and therefore privilege escalation. The Common Vulnerability Scoring System (CVSS) score is 7.4 (high severity). The vulnerability was published on April 2, 2026, and last modified on June 30, 2026.
- Vendor: Red Hat
- Product: Red Hat build of Keycloak 26.2
- CVSS: HIGH 7.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-02
- Original CVE updated: 2026-06-30
- Advisory published: 2026-04-02
- Advisory updated: 2026-06-30
Who should care
Organizations using Keycloak for authentication and authorization should prioritize patching this vulnerability. Unauthenticated attackers can exploit this flaw to escalate privileges, potentially leading to unauthorized access to sensitive resources. Keycloak administrators should review their deployments and ensure they are running a patched version.
Technical summary
The SingleUseObjectProvider in Keycloak lacks proper type and namespace isolation, which allows unauthenticated attackers to forge authorization codes. A forged code can be exchanged for admin-capable access tokens, resulting in privilege escalation. The vulnerability has a CVSS score of 7.4 (high severity); the attack vector is network-based and exploitation requires no user interaction.
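The design property the summary names, type and namespace isolation in a shared single-use store, illustrated with a constructed example added here. This is not Keycloak's SingleUseObjectProvider nor the actual vulnerable code path; the class names, namespaces ("actions", "codes") and object types are assumptions, and the point is the contrast between a flat key space and one where every entry is qualified by the subsystem and object type that owns it.

```python
from typing import Dict, Optional, Tuple

# Constructed example (not Keycloak code): a minimal consume-once store.
# Entries are removed on first successful read, as single-use objects should be.


class FlatSingleUseStore:
    """Weak design: one shared key space and no record of what each entry is."""

    def __init__(self) -> None:
        self._entries: Dict[str, dict] = {}

    def put(self, key: str, value: dict) -> None:
        self._entries[key] = dict(value)

    def consume(self, key: str) -> Optional[dict]:
        # Whoever knows the key gets the value, whatever subsystem stored it
        # and whatever kind of object it was meant to be.
        return self._entries.pop(key, None)


class IsolatedSingleUseStore:
    """Hardened design: entries are keyed by (namespace, type, key) and the
    stored type is re-checked on consume, so a value written by one subsystem
    as one kind of object can never be read back as a different kind."""

    def __init__(self) -> None:
        self._entries: Dict[str, Tuple[str, dict]] = {}

    @staticmethod
    def _qualify(namespace: str, obj_type: str, key: str) -> str:
        # Length-prefix each component so that a delimiter inside one component
        # cannot make two different (namespace, type, key) triples collide.
        return "".join(f"{len(p)}:{p}" for p in (namespace, obj_type, key))

    def put(self, namespace: str, obj_type: str, key: str, value: dict) -> None:
        self._entries[self._qualify(namespace, obj_type, key)] = (obj_type, dict(value))

    def consume(self, namespace: str, obj_type: str, key: str) -> Optional[dict]:
        entry = self._entries.pop(self._qualify(namespace, obj_type, key), None)
        # The key already encodes the type; the tag check is defence in depth
        # against a future change to how keys are derived.
        if entry is None or entry[0] != obj_type:
            return None
        return entry[1]


def demo() -> tuple:
    # Constructed scenario: the "actions" subsystem stores an entry under a key,
    # and the "codes" subsystem later asks for the same key as one of its own.
    flat = FlatSingleUseStore()
    flat.put("abc123", {"kind": "action-token", "user": "alice"})
    flat_cross = flat.consume("abc123")  # handed over regardless of kind
    isolated = IsolatedSingleUseStore()
    isolated.put("actions", "action-token", "abc123", {"user": "alice"})
    iso_cross = isolated.consume("codes", "authorization-code", "abc123")  # None
    iso_owner = isolated.consume("actions", "action-token", "abc123")
    return flat_cross, iso_cross, iso_owner
```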
Defensive priority
Patching should be treated as high priority because the flaw allows unauthenticated privilege escalation. Keycloak administrators should review their deployments and confirm they are running a patched version.
Recommended defensive actions
- Review Keycloak deployments and ensure they are running a patched version.
- Apply the latest security patches provided by Red Hat.
- Monitor for suspicious activity related to authorization codes and access tokens.
- Implement additional security measures, such as enhanced authentication and authorization controls.
- Consider compensating controls, such as Web Application Firewalls (WAFs), to detect and prevent exploitation attempts.
Evidence notes
The vulnerability was published on April 2, 2026, and last modified on June 30, 2026. The CVSS score is 7.4, indicating a high severity. The vulnerability affects Keycloak and can be exploited by unauthenticated attackers to escalate privileges.
Official resources
- CVE-2026-4282 CVE record (CVE.org)
- CVE-2026-4282 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Issue Tracking, Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article was generated with AI assistance based on the supplied source corpus.