CVE-2026-4628

ADVISORY - github

Summary

A flaw was found in Keycloak. An Improper Access Control vulnerability in Keycloak's User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control checks on PUT operations to the resource_set endpoint. This issue enables unauthorized modification of protected resources, impacting data integrity.

EPSS Score: 0.00025 (0.069)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Improper Access Control

ADVISORY - github

Improper Access Control

ADVISORY - redhat

Improper Access Control


NIST
CREATED:
UPDATED:
ADVISORY ID: CVE-2026-4628
EXPLOITABILITY SCORE: 2.8
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE):
CVSS SCORE: 4.3 (medium)

GitHub
CREATED:
UPDATED:
EXPLOITABILITY SCORE: 2.8
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE):
CVSS SCORE: 4.3 (medium)

Red Hat
CREATED:
UPDATED:
ADVISORY ID: CVE-2026-4628
EXPLOITABILITY SCORE: 2.8
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE):
CVSS SCORE: 4.3 (medium)

Chainguard
CREATED:
UPDATED:
ADVISORY ID: CGA-p27v-v5h9-q8x5
EXPLOITABILITY SCORE: -
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE): -
CVSS SCORE: rating unavailable from advisory

minimos
CREATED:
UPDATED:
ADVISORY ID: MINI-7473-qmjr-4jr4
EXPLOITABILITY SCORE: -
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE): -
CVSS SCORE: rating unavailable from advisory

minimos
CREATED:
UPDATED:
ADVISORY ID: MINI-gjhm-82v8-965j
EXPLOITABILITY SCORE: -
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE): -
CVSS SCORE: rating unavailable from advisory