PT-2026-27107 · Red Hat · Red Hat Build Of Keycloak

Published: 2026-03-23 · Updated: 2026-03-23 · CVE-2026-4633

CVSS v3.1: 3.7 (Low), AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration.

Fix

Weakness Enumeration

Generation of Error Message Containing Sensitive Information

Related Identifiers

CVE-2026-4633

Affected Products

Red Hat Build Of Keycloak