Vulnerability Details CVE-2026-4633
A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 15.3%
CVSS Severity
CVSS v3 Score 3.7
Products affected by CVE-2026-4633
- cpe:2.3:a:redhat:build_of_keycloak:-