PT-2026-27107 · Red Hat · Keycloak

Osidb Bzimport

·

Publicado

2026-03-23

·

Atualizado

2026-05-23

·

CVE-2026-4633

CVSS v3.1

3.7

Baixa

VetorAV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Keycloak (affected versions not specified)
Description A flaw exists in Keycloak that allows a remote attacker to determine the existence of users, resulting in information disclosure through user enumeration. This occurs due to differential error messages during the identity-first login flow when Organizations are enabled. The issue allows attackers to map accounts for further attacks.
Recommendations Disable Organizations. Disable the identity-first login flow.

Correção

Generation of Error Message Containing Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-209

Identificadores relacionados

CVE-2026-4633
GHSA-RHGQ-F8X5-J2JC

Produtos afetados

Keycloak