Moderate severity5.4NVD Advisory· Published Jul 16, 2026
keycloak-services: keycloak-services: Required signed-JWT assertion policy can be bypassed with unsigned assertion headers
CVE-2026-16093
Description
keycloak-services: keycloak-services: Required signed-JWT assertion policy can be bypassed with unsigned assertion headers
Affected products
1Patches
Vulnerability mechanics
News mentions
0No linked articles in our index yet.