VYPR

Maven package

org.keycloak/keycloak-adapter-core

pkg:maven/org.keycloak/keycloak-adapter-core

Vulnerabilities (1)

  • CVE-2026-1180MedJan 20, 2026
    affected <= 25.0.3

    A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using private_key_jwt. The issue allows a client to specify an arbitrary jwks_uri, which Keycloak then retrieves without validating the destination. This enables attac