VYPR

Maven package

org.apache.camel/camel-keycloak

pkg:maven/org.apache.camel/camel-keycloak

Vulnerabilities (1)

  • CVE-2026-23552Feb 23, 2026
    affected >= 4.15.0, < 4.18.0fixed 4.18.0

    Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component.  The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss (issuer) claim of JWT tokens against the configured realm. A token issued by one Keycloak realm is silently accepte