CVE-2026-4282

Name of the Vulnerable Software and Affected Versions Keycloak (affected versions not specified)

Description A flaw exists in Keycloak where the SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This allows an unauthenticated attacker to forge authorization codes, potentially leading to the creation of admin-capable access tokens and privilege escalation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.