CVE-2026-37979— Keycloak: keycloak: information disclosure via oidc token introspection endpoint audience bypass
Possible ATT&CK Techniques 1AI
T1556 · Modify Authentication ProcessAffected Version Matrix 4
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat build of Keycloak 26.4 | 26.4.12-1< * | unaffected |
26.4-17< * | unaffected | ||
26.4-17< * | unaffected | ||
| Red Hat | Red Hat build of Keycloak 26.4.12 | any | unaffected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-37979
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Keycloak: keycloak: information disclosure via oidc token introspection endpoint audience bypass
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect (OIDC) token introspection endpoint allows a confidential client to bypass audience restrictions. An attacker-controlled client with valid credentials can retrieve sensitive token claims intended for other resource servers, compromising the confidentiality of lightweight access tokens. This issue can be exploited remotely by any confidential client in the realm with valid credentials.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Keycloak 访问控制错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Keycloak是Keycloak开源的一种开源身份和访问管理解决方案。 Keycloak存在访问控制错误漏洞,该漏洞源于OpenID Connect令牌内省端点中的访问控制漏洞,允许机密客户端绕过受众限制,可能导致机密客户端检索本应属于其他资源服务器的敏感令牌声明。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat build of Keycloak 26.4 | 26.4.12-1 ~ * | cpe:/a:redhat:build_keycloak:26.4::el9 | |
| Red Hat | Red Hat build of Keycloak 26.4 | 26.4-17 ~ * | cpe:/a:redhat:build_keycloak:26.4::el9 | |
| Red Hat | Red Hat build of Keycloak 26.4 | 26.4-17 ~ * | cpe:/a:redhat:build_keycloak:26.4::el9 | |
| Red Hat | Red Hat build of Keycloak 26.4.12 | - | cpe:/a:redhat:build_keycloak:26.4::el9 |
II. Public POCs for CVE-2026-37979
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-37979
请登录查看更多情报信息。
Advisory · 3
Same Patch Batch · Red Hat · 2026-05-19 · 11 CVEs total
| CVE-2026-7504 | 8.1 HIGH | Org.keycloak/keycloak-services: open redirect when using wildcard valid redirect uris in k |
| CVE-2026-7507 | 7.5 HIGH | Org.keycloak/keycloak-services: session fixation in oidc login flow that can lead to accou |
| CVE-2026-7307 | 7.5 HIGH | Keycloak: keycloak: denial of service via specially crafted saml input |
| CVE-2026-7571 | 7.1 HIGH | Keycloak: keycloak: access token disclosure and implicit flow bypass via forged client dat |
| CVE-2026-37982 | 6.8 MEDIUM | Keycloak: org.keycloak.authentication: keycloak: unauthorized account takeover via webauth |
| CVE-2026-4630 | 6.8 MEDIUM | Keycloak: keycloak: unauthorized resource access and data modification via insecure direct |
| CVE-2026-8922 | 5.4 MEDIUM | Org.keycloak/keycloak-services: keycloak: org.keycloak.protocol.oidc: security flaw in org |
| CVE-2026-37978 | 4.9 MEDIUM | Keycloak: org.keycloak.services: keycloak: information disclosure via evaluate-scopes admi |
| CVE-2026-37981 | 4.3 MEDIUM | Keycloak: org.keycloak.authorization: keycloak: information disclosure via broken access c |
| CVE-2026-8830 | 4.3 MEDIUM | Keycloak: org.keycloak/keycloak-services: keycloak: policy bypass during webauthn credenti |
IV. Related Vulnerabilities
Same product: Red Hat build of Keycloak 26.4
- CVE-2026-7571
Keycloak: keycloak: access token disclosure and implicit flo - CVE-2026-37982
Keycloak: org.keycloak.authentication: keycloak: unauthorize - CVE-2026-37978
Keycloak: org.keycloak.services: keycloak: information discl - CVE-2026-37981
Keycloak: org.keycloak.authorization: keycloak: information - CVE-2026-4630
Keycloak: keycloak: unauthorized resource access and data mo
Same vendor: Red Hat
- CVE-2026-9149
Libsolv: heap buffer overflow in libsolv repo_add_solv via n - CVE-2026-9150
Libsolv: stack-based buffer overflow in libsolv's debian met - CVE-2026-9087
Keycloak: cross-session email verification proof not bound t - CVE-2026-9064
389-ds-base: 389-ds-base: unbounded ldap controls count in g - CVE-2026-7571
Keycloak: keycloak: access token disclosure and implicit flo
V. Comments for CVE-2026-37979
No comments yet