logo

Database

Security controls bypass or absence In org.keycloak:keycloak-services

Description

Keycloak: Unauthorized account takeover via WebAuthn token replay A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn (Web Authentication) flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's account. This leads to unauthorized enrollment of a hardware-backed credential, enabling persistent account takeover.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2026-379822. NVD-2026-379823. OSV-2026-379824. GCVE-2026-379825. access.redhat.com6. access.redhat.com7. ACCESS-CVE-2026-37982

References

1. https://github.com/keycloak/keycloak/pull/491262. https://github.com/keycloak/keycloak/commit/2d1a24f501454a44c52daa62855419b31dc499c13. https://bugzilla.redhat.com/show_bug.cgi?id=24553294. https://github.com/keycloak/keycloak/releases/tag/26.6.2

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.