Logo
Retour à la veille

CVE-2026-9088

Publié : 5 juin 2026
Modifié : 5 juin 2026
Lien officiel NVD
Score CVSS
2.7
LOW

Description détaillée

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied, leading to information disclosure.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Références et Patchs

https://access.redhat.com/security/cve/CVE-2026-9088https://bugzilla.redhat.com/show_bug.cgi?id=2480179

Dernières Vulnérabilités

CVE-2026-6209

Improper Access Control, Missing Authorization vulnerability in HAVELSAN Inc. Geographic Tracking System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Geographic Tracking System: before v0.0.2.

VOIR DÉTAILS

CVE-2026-6208

Authorization bypass through User-Controlled key vulnerability in HAVELSAN Inc. Geographic Tracking System allows Exploitation of Trusted Identifiers. This issue affects Geographic Tracking System: before v0.0.2.

VOIR DÉTAILS

CVE-2026-6207

Observable response discrepancy vulnerability in HAVELSAN Inc. Geographic Tracking System allows System Footprinting. This issue affects Geographic Tracking System: before v0.0.2.

VOIR DÉTAILS