High severity7.4NVD Advisory· Published Apr 2, 2026· Updated Apr 16, 2026
CVE-2026-4282
CVE-2026-4282
Description
A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens, resulting in privilege escalation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.keycloak:keycloak-servicesMaven | < 26.5.7 | 26.5.7 |
Affected products
12cpe:2.3:a:redhat:build_of_keycloak:26.2.15:*:*:*:text-only:*:*:*+ 4 more
- cpe:2.3:a:redhat:build_of_keycloak:26.2.15:*:*:*:text-only:*:*:*
- cpe:2.3:a:redhat:build_of_keycloak:26.2:*:*:*:text-only:*:*:*
- cpe:2.3:a:redhat:build_of_keycloak:26.4.11:*:*:*:text-only:*:*:*
- cpe:2.3:a:redhat:build_of_keycloak:26.4:*:*:*:text-only:*:*:*
- cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:text-only:*:*:*
- osv-coords7 versionspkg:apk/chainguard/keycloak-26.5pkg:apk/chainguard/keycloak-26.5-iamguarded-compatpkg:apk/chainguard/keycloak-fips-26.5pkg:apk/chainguard/keycloak-fips-26.5-iamguarded-fipspkg:apk/wolfi/keycloak-26.5pkg:apk/wolfi/keycloak-26.5-iamguarded-compatpkg:maven/org.keycloak/keycloak-services
< 26.5.7-r0+ 6 more
- (no CPE)range: < 26.5.7-r0
- (no CPE)range: < 26.5.7-r0
- (no CPE)range: < 26.5.6-r4
- (no CPE)range: < 26.5.6-r4
- (no CPE)range: < 26.5.7-r0
- (no CPE)range: < 26.5.7-r0
- (no CPE)range: < 26.5.7
Patches
Vulnerability mechanics
References
10- access.redhat.com/errata/RHSA-2026:6475nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2026:6476nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2026:6477nvdVendor AdvisoryWEB
- access.redhat.com/errata/RHSA-2026:6478nvdVendor AdvisoryWEB
- access.redhat.com/security/cve/CVE-2026-4282nvdVendor AdvisoryWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingVendor AdvisoryWEB
- github.com/advisories/GHSA-hj93-h7pg-fh6vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-4282ghsaADVISORY
- github.com/keycloak/keycloak/commit/9046f201125a6fd6be9c116b99d348509d99d4a5ghsaWEB
- github.com/keycloak/keycloak/issues/47719ghsaWEB
News mentions
0No linked articles in our index yet.