CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-4325

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This could lead to unauthorized access or account compromise.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.8%

CVSS Severity

CVSS v3 Score 5.3

References

Products affected by CVE-2026-4325

Redhat » Build Of Keycloak » Version: N/A

cpe:2.3:a:redhat:build_of_keycloak:-
Redhat » Build Of Keycloak » Version: 26.2

cpe:2.3:a:redhat:build_of_keycloak:26.2
Redhat » Build Of Keycloak » Version: 26.2.15

cpe:2.3:a:redhat:build_of_keycloak:26.2.15
Redhat » Build Of Keycloak » Version: 26.4

cpe:2.3:a:redhat:build_of_keycloak:26.4
Redhat » Build Of Keycloak » Version: 26.4.11

cpe:2.3:a:redhat:build_of_keycloak:26.4.11

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-4325

Products

Pricing

Contact Us