VYPR

PyPI package

apache-airflow-providers-keycloak

pkg:pypi/apache-airflow-providers-keycloak

Vulnerabilities (1)

  • CVE-2026-40948 | Med | Apr 18, 2026
    affected >= 0.0.1, < 0.7.0 | fixed 0.7.0

    The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `state` parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback