Medium severity (6.8) · NVD Advisory · Published May 19, 2026 · Updated Jun 3, 2026
CVE-2026-4630
Description
A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference (IDOR) vulnerability in the Authorization Services Protection API endpoint. By knowing or obtaining a resource's unique identifier (UUID) belonging to another Resource Server within the same realm, the client could bypass authorization checks. This allows the client to perform unauthorized GET, PUT, and DELETE operations on resources, leading to information disclosure and potential unauthorized modification or deletion of data.
References
- access.redhat.com/errata/RHSA-2026:19596 (Vendor Advisory)
- access.redhat.com/errata/RHSA-2026:19597 (Vendor Advisory)
- access.redhat.com/security/cve/CVE-2026-4630 (Vendor Advisory)
- bugzilla.redhat.com/show_bug.cgi (Vendor Advisory)