
Threats Tagged 'cve-2026-4874'

View all threats tagged with 'cve-2026-4874'. Filter and sort to focus on specific types of threats.


Red Hat Security Advisory: Red Hat build of Keycloak 26.6.3 Update (CVE-2026-4874)

Red Hat build of Keycloak 26.6.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.

Security fixes:

* Security restriction bypass allows unauthorized ROPC token acquisition (CVE-2026-9792)
* Privilege escalation due to oversized subject_token JWT (CVE-2026-9704)
* Denial of Service via malformed LDAP password policy response (CVE-2026-9801)
* Denial of Service via malformed Authorization header (CVE-2026-9803)
* Organization Data Leak After Feature Disabled in Keycloak (CVE-2026-9791)
* Information disclosure via SAML ECP endpoint (CVE-2026-9794)
* Unauthorized account access via replayed refresh tokens after cluster restart (CVE-2026-9802)
* Cross-Session Email Verification Proof Not Bound to Upstream Identity in First-Broker-Login (CVE-2026-9087)
* Information disclosure due to user profile permission bypass (CVE-2026-9088)
* Policy bypass during WebAuthn credential registration via client-side JavaScript manipulation (CVE-2026-8830)
* Improper Access Control on Keycloak Server when the account Account API feature is disabled (CVE-2026-7500)
* Security flaw in org.keycloak/keycloak-services (CVE-2026-8922)
* Information disclosure via CORS header injection due to unvalidated JWT azp claim (CVE-2026-37977)
* Server-Side Request Forgery via OIDC token endpoint manipulation (CVE-2026-4874)
