Security Advisory

CVE-2026-1529

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-09 18:36:15

Last updated 2026-02-16 21:45:35

Assigner redhat

State PUBLISHED

Description

A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation tokens JSON Web Token (JWT) payload. This lack of cryptographic signature verification allows the attacker to successfully self-register into an unauthorized organization, leading to unauthorized access.

← Browse all CVEs View on cve.org ↗