CVE-2026-4628

ADVISORY - github

Summary

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control checks on PUT operations to the resource_set endpoint. This issue enables unauthorized modification of protected resources, impacting data integrity.

EPSS Score⁠: 0.00029 (0.084)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-284⁠

Improper Access Control

ADVISORY - github

CWE-284⁠

Improper Access Control

ADVISORY - redhat

CWE-284⁠

Improper Access Control

Impacted images

Advisories

NIST

CREATED

8 days ago

UPDATED

8 days ago

ADVISORY IDCVE-2026-4628⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

4.3medium

GitHub

CREATED

8 days ago

UPDATED

4 days ago

ADVISORY IDGHSA-4pgc-gfrr-wcmg⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

4.3medium

Red Hat

CREATED

8 days ago

UPDATED

8 days ago

ADVISORY IDCVE-2026-4628⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

4.3medium