Threats Tagged 'cve-2026-9083'
CVE-2026-9083: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Red Hat Red Hat build of Keycloak 26.6
Tag: CVE-2026-9083
A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining which files exist and are readable by the Keycloak process. This information disclosure could be used to identify high-value targets for follow-on attacks.
Source: CVE Database V5 | 06/25/2026, 16:17:49 UTC | Added: 06/25/2026, 16:46:09 UTC
Red Hat Security Advisory: Red Hat build of Keycloak 26.6.4 Security Update
Tag: CVE-2026-6860
Red Hat build of Keycloak 26.6.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
Security fixes:
* Information disclosure via CORS header injection due to unvalidated JWT azp claim (CVE-2026-37977)
* Server-Side Request Forgery via OIDC token endpoint manipulation (CVE-2026-4874)
* eclipse-vertx/vert.x: Denial of Service via TLS handshake with wildcard server name (CVE-2026-6860)
* Improper Access Control on Keycloak Server when the account Account API feature is disabled (CVE-2026-7500)
* Policy bypass during WebAuthn credential registration via client-side JavaScript manipulation (CVE-2026-8830)
* Security flaw in org.keycloak/keycloak-services (CVE-2026-8922)
* Information disclosure through arbitrary filesystem path probing (CVE-2026-9083)
* Cross-site scripting (XSS) via case-insensitive URI validation bypass (CVE-2026-9086)
* Cross-Session Email Verification Proof Not Bound to Upstream Identity in First-Broker-Login (CVE-2026-9087)
* Information disclosure due to user profile permission bypass (CVE-2026-9088)
* Group-Admin Escalation to Realm-Admin (CVE-2026-9099)
* Privilege escalation due to oversized subject_token JWT (CVE-2026-9704)
* Attacker can re-enable and take over disabled clients via Registration Access Token (CVE-2026-9705)
* Organization Data Leak After Feature Disabled in Keycloak (CVE-2026-9791)
* Security restriction bypass allows unauthorized ROPC token acquisition (CVE-2026-9792)
* Information disclosure via SAML ECP endpoint (CVE-2026-9794)
* Privilege escalation via improper scope mapping enforcement (CVE-2026-9795)
* Unauthorized access to resources via UMA permission ticket bypass (CVE-2026-9799)
* Authorization bypass via incorrect URI comparison (CVE-2026-9800)
* Denial of Service via malformed LDAP password policy response (CVE-2026-9801)
* Unauthorized account access via replayed refresh tokens after cluster restart (CVE-2026-9802)
* Denial of Service via malformed Authorization header (CVE-2026-9803)
Source: GCVE Database | 06/25/2026, 18:47:39 UTC | Added: 06/18/2026, 18:45:00 UTC