VYPR
High severity · 8.1 · NVD Advisory · Published Feb 9, 2026 · Updated Apr 15, 2026

CVE-2026-1529

Description

A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token (JWT) payload. Because the token's cryptographic signature is not verified, the attacker can successfully self-register into an unauthorized organization, leading to unauthorized access.
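The flaw class described above, shown as an added illustration that is not Keycloak's code and not part of the advisory: a reader that trusts the decoded payload next to one that authenticates the token before using any claim. The claim names `org_id` and `email`, the HS256 algorithm, the key and all token values are assumptions constructed for the demo.

```python
import base64, hashlib, hmac, json

def _b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _mac(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_invite(claims, key):
    """Issue a compact HS256 JWT (constructed issuer for this demo)."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_mac(key, head + '.' + body))}"

def read_invite_unverified(token):
    """Flawed pattern: decodes the payload and trusts it as-is."""
    return json.loads(_b64d(token.split(".")[1]))

def read_invite_verified(token, key):
    """Hardened pattern: authenticate the token before using any claim."""
    try:
        head, body, sig = token.split(".")
        alg = json.loads(_b64d(head)).get("alg")
        sig_raw = _b64d(sig)
    except (ValueError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    if alg != "HS256":  # algorithm is pinned server-side, not chosen by the header
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(sig_raw, _mac(key, head + "." + body)):
        raise ValueError("bad signature")
    return json.loads(_b64d(body))

def demo():
    key = b"constructed-demo-key"  # constructed value, not a real key
    token = sign_invite({"org_id": "org-a", "email": "invitee@example.com"}, key)
    head, _, sig = token.split(".")
    # Constructed tampered token: payload rewritten, original signature kept.
    altered = {"org_id": "org-b", "email": "other@example.com"}
    forged = f"{head}.{_b64e(json.dumps(altered).encode())}.{sig}"
    try:
        read_invite_verified(forged, key)
        rejected = False
    except ValueError:
        rejected = True
    return read_invite_unverified(forged), rejected
```

`demo()` returns the altered claims from the unverified reader together with `True`, showing that the verified reader rejected the same token.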

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| org.keycloak:keycloak-services (Maven) | >= 26.5.0, < 26.5.3 | 26.5.3 |
| org.keycloak:keycloak-services (Maven) | < 26.2.13 | 26.2.13 |
| org.keycloak:keycloak-services (Maven) | >= 26.3.0, < 26.4.9 | 26.4.9 |
