Keycloak Vulnerability Allows Information Disclosure
Summary
CERT-Bund has issued a security advisory regarding a vulnerability in Keycloak that allows for information disclosure. The vulnerability affects Keycloak versions running on Linux and UNIX operating systems. Users are advised to consult the advisory for mitigation details.
What changed
CERT-Bund has released a security advisory (WID-SEC-2026-0768) detailing a vulnerability in Keycloak, a popular open-source identity and access management solution. The vulnerability, with a CVSS Base Score of 5.8, allows remote, anonymous attackers to disclose information. This advisory applies to Keycloak versions running on Linux and UNIX operating systems.
Organizations utilizing Keycloak should review the advisory to understand the potential impact and implement necessary mitigation strategies. While the advisory does not specify a compliance deadline, prompt action is recommended to address the information disclosure risk. Further details and specific mitigation steps can be found via the provided CVE and information links.
What to do next
- Review CERT-Bund security advisory WID-SEC-2026-0768 for Keycloak vulnerability.
- Assess the impact of the information disclosure vulnerability on your Keycloak instances.
- Implement recommended mitigation strategies provided by CERT-Bund or Keycloak.
Source document (simplified)
[WID-SEC-2026-0768] Keycloak: Vulnerability allows information disclosure
- CVSS Base Score: 5.8 (medium)
- CVSS Temporal Score: 5.3 (medium)
- Remote attack: yes
- Date: 17.03.2026
- Last updated: 18.03.2026
- Mitigation: no
Affected systems
Operating system
- Linux
- UNIX
Product description
Keycloak provides single sign-on with identity and access management for modern applications and services.
Products
17.03.2026
- Open Source Keycloak
Attack
A remote, anonymous attacker can exploit a vulnerability in Keycloak to disclose information.