Security Advisory

CVE-2026-4628

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-23 08:09:22
Last updated 2026-03-25 14:03:04
Assigner redhat
State PUBLISHED

Description

A flaw was found in Keycloak. An Improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. The cause is incomplete enforcement of the access control check on PUT operations to the resource_set endpoint: the restriction is applied to other operations but not to PUT. This issue enables unauthorized modification of protected resources, impacting data integrity.
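As an added illustration of how a defender can check for the condition described above (this is example code written for this page, not Keycloak's own code or an official Red Hat tool): the script below reads a resource server's exported authorization settings, determines whether allowRemoteResourceManagement is false, and then scans access-log lines for successful write operations (PUT, POST, DELETE, PATCH) against the resource_set endpoint. Any successful PUT that appears while remote management is disabled is a sign that the unpatched behaviour is being exercised and should be reviewed. Assumptions: the endpoint path layout `/realms/{realm}/authz/protection/resource_set` follows Keycloak's documented Protection API, the export field name `allowRemoteResourceManagement` is taken from the advisory text, and both the export JSON and the log lines are constructed samples in a made-up reverse-proxy format, not real data.

```python
import json
import re
from typing import Dict, List

# Constructed sample: a trimmed authorization-settings export for one client.
# The shape is assumed from Keycloak's export format; values are invented.
AUTHZ_EXPORT_SAMPLE = json.dumps({
    "allowRemoteResourceManagement": False,
    "policyEnforcementMode": "ENFORCING",
    "resources": [
        {"name": "Invoices", "type": "urn:example:resources:invoice",
         "uris": ["/invoices/*"], "scopes": [{"name": "view"}, {"name": "edit"}]},
    ],
})

# Constructed sample access-log lines (timestamp, method, path, status, client).
# The realm name, client id and resource id are made up for the example.
ACCESS_LOG_SAMPLE = """\
2026-03-24T10:02:11Z GET /realms/demo/authz/protection/resource_set 200 client=app-frontend
2026-03-24T10:02:13Z PUT /realms/demo/authz/protection/resource_set/3f1c-aaaa 204 client=app-frontend
2026-03-24T10:02:15Z POST /realms/demo/authz/protection/resource_set 403 client=app-frontend
2026-03-24T10:02:20Z GET /realms/demo/protocol/openid-connect/userinfo 200 client=app-frontend
"""

# Matches requests to the UMA resource_set endpoint, with or without a resource id.
RESOURCE_SET_RE = re.compile(
    r"^(?P<ts>\S+) (?P<method>[A-Z]+) /realms/(?P<realm>[^/]+)/authz/protection/resource_set"
    r"(?:/(?P<resource_id>[^ ?]+))? (?P<status>\d{3}) client=(?P<client>\S+)$"
)

MUTATING_METHODS = {"POST", "PUT", "DELETE", "PATCH"}


def remote_management_disabled(export_json: str) -> bool:
    """Return True when the exported resource server forbids remote resource management."""
    settings = json.loads(export_json)
    # Treat a missing key as "enabled" so that only an explicit false triggers findings.
    return settings.get("allowRemoteResourceManagement", True) is False


def find_resource_set_writes(log_text: str) -> List[Dict[str, str]]:
    """Return successful (2xx) mutating calls to the resource_set endpoint, in log order."""
    hits = []
    for line in log_text.splitlines():
        m = RESOURCE_SET_RE.match(line)
        if not m:
            continue
        if m["method"] in MUTATING_METHODS and m["status"].startswith("2"):
            hits.append(m.groupdict())
    return hits


def audit(export_json: str, log_text: str) -> List[str]:
    """Flag successful writes that should have been rejected when remote management is off."""
    if not remote_management_disabled(export_json):
        return []
    findings = []
    for h in find_resource_set_writes(log_text):
        target = "resource_set" + (f"/{h['resource_id']}" if h["resource_id"] else "")
        findings.append(
            f"{h['ts']} {h['method']} {target} by {h['client']} succeeded "
            f"({h['status']}) although allowRemoteResourceManagement=false"
        )
    return findings


if __name__ == "__main__":
    for finding in audit(AUTHZ_EXPORT_SAMPLE, ACCESS_LOG_SAMPLE):
        print(finding)
```

On the sample input only the PUT with status 204 is reported: the GET is a read, and the POST was refused with 403, which is the behaviour the restriction is supposed to produce for every write. Running this against real logs requires adapting RESOURCE_SET_RE to the proxy's actual line format.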