Security Advisory

CVE-2026-4633

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-23 10:53:35

Last updated 2026-04-01 14:38:10

Assigner redhat

State PUBLISHED

Description

A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration.

← Browse all CVEs View on cve.org ↗