โ† Back to Dashboard

CVE-2026-9087

CVSS Score: 6.4
Severity: MEDIUM
Source: NVD
Published: May 20, 2026
Description

A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account.
