CVE-2026-4633

ADVISORY - github

Summary

A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration.

EPSS Score⁠: 0.00049 (0.153)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-209⁠

Generation of Error Message Containing Sensitive Information

ADVISORY - github

CWE-209⁠

Generation of Error Message Containing Sensitive Information

Impacted images

Advisories

NIST

CREATED

8 days ago

UPDATED

8 days ago

ADVISORY IDCVE-2026-4633⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

3.7low

GitHub

CREATED

8 days ago

UPDATED

4 days ago

ADVISORY IDGHSA-rhgq-f8x5-j2jc⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

3.7low