CVE-2026-37979EPSS p28.3%

CVE-2026-37979CVE-2026-37979

redhat / build_of_keycloak

Description

A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect (OIDC) token introspection endpoint allows a confidential client to bypass audience restrictions. An attacker-controlled client with valid credentials can retrieve sensitive token claims intended for other resource servers, compromising the confidentiality of lightweight access tokens. This issue can be exploited remotely by any confidential client in the realm with valid credentials.

Scoring

CVSS 6.5 ()
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS0.37% probability of exploitation · percentile 28.3% · 2026-06-19T12:03:05Z
Last modified2026-06-03

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-7571
CVE
CVE-2026-37981
CVE
CVE-2026-8922
CVE
CVE-2026-37978
CVE
CVE-2026-37977
CVE
CVE-2026-9791
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.