Skip to content

Commit da8e36c

Browse files
1 parent ed6a728 commit da8e36c

1 file changed

Lines changed: 60 additions & 4 deletions

File tree

advisories/unreviewed/2026/05/GHSA-rr5q-3xwr-f323/GHSA-rr5q-3xwr-f323.json renamed to advisories/github-reviewed/2026/05/GHSA-rr5q-3xwr-f323/GHSA-rr5q-3xwr-f323.json

Lines changed: 60 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,24 +1,76 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-rr5q-3xwr-f323",
4-
"modified": "2026-06-26T09:30:45Z",
4+
"modified": "2026-07-01T19:09:45Z",
55
"published": "2026-05-27T15:33:25Z",
66
"aliases": [
77
"CVE-2026-9704"
88
],
9+
"summary": "Keycloak Vulnerable to Improper Validation of Specified Quantity in Input",
910
"details": "A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client credentials. This allows the user to gain the permissions of the client's service account, leading to privilege escalation.",
1011
"severity": [
1112
{
1213
"type": "CVSS_V3",
1314
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"
1415
}
1516
],
16-
"affected": [],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Maven",
21+
"name": "org.keycloak:keycloak-server-spi-private"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "26.6.3"
32+
}
33+
]
34+
}
35+
]
36+
},
37+
{
38+
"package": {
39+
"ecosystem": "Maven",
40+
"name": "org.keycloak:keycloak-services"
41+
},
42+
"ranges": [
43+
{
44+
"type": "ECOSYSTEM",
45+
"events": [
46+
{
47+
"introduced": "0"
48+
},
49+
{
50+
"fixed": "26.6.3"
51+
}
52+
]
53+
}
54+
]
55+
}
56+
],
1757
"references": [
1858
{
1959
"type": "ADVISORY",
2060
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9704"
2161
},
62+
{
63+
"type": "WEB",
64+
"url": "https://github.com/keycloak/keycloak/issues/49435"
65+
},
66+
{
67+
"type": "WEB",
68+
"url": "https://github.com/keycloak/keycloak/pull/49472"
69+
},
70+
{
71+
"type": "WEB",
72+
"url": "https://github.com/keycloak/keycloak/commit/f1e5b7776c42938d0782fd5846346b8f75c815e6"
73+
},
2274
{
2375
"type": "WEB",
2476
"url": "https://access.redhat.com/errata/RHSA-2026:25097"
@@ -42,15 +94,19 @@
4294
{
4395
"type": "WEB",
4496
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481877"
97+
},
98+
{
99+
"type": "PACKAGE",
100+
"url": "https://github.com/keycloak/keycloak"
45101
}
46102
],
47103
"database_specific": {
48104
"cwe_ids": [
49105
"CWE-1284"
50106
],
51107
"severity": "MODERATE",
52-
"github_reviewed": false,
53-
"github_reviewed_at": null,
108+
"github_reviewed": true,
109+
"github_reviewed_at": "2026-07-01T19:09:45Z",
54110
"nvd_published_at": "2026-05-27T14:17:40Z"
55111
}
56112
}

0 commit comments

Comments
 (0)