Zero Day Monitor (ZDM)
CVSS 5.3 · CVE-2026-4325 · PATCHED
Vendor: Red Hat · Product: Red Hat build of Keycloak

Keycloak: keycloak: replay of action tokens via improper handling of single-use entries

Description

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This could lead to unauthorized access or account compromise.

Affected Products

Vendor   | Product                     | Versions
Red Hat  | Red Hat build of Keycloak   | —

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor       | Product                   | Source        | Confidence
Open source  | Keycloak                  | cert_advisory | 90%
Red Hat      | Red Hat Enterprise Linux  | cert_advisory | 90%

References

  • https://access.redhat.com/errata/RHSA-2026:6475 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/errata/RHSA-2026:6476 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/errata/RHSA-2026:6477 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/errata/RHSA-2026:6478 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/security/cve/CVE-2026-4325 (vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2448351 (issue-tracking, x_refsource_REDHAT)

Related News (2 articles)

Tier B · BSI Advisories · 2h ago
[NEW] [high] Keycloak: Multiple vulnerabilities
→ No new info (linked only)

Tier C · VulDB · 4d ago
CVE-2026-4325 | Keycloak SingleUseObjectProvider improper isolation or compartmentalization (RHSA-2026:6477)
→ No new info (linked only)
CVSS 3.1: 5.3 (NONE)
CISA KEV: No
Actively exploited: No
Patch available: org.keycloak:keycloak-services@26.5.7
CWE: CWE-653
Published: Apr 2, 2026
Last enriched: 4d ago (v2)
Tags: CVE-2026-4325
Trending Score: 31
Source articles: 2
Independent: 2
Info Completeness: 8/14
Missing: versions, epss, kev, exploit, iocs, mitre_attack


Related CVEs (5)

HIGH · CVE-2026-4634 · EXP
Keycloak: keycloak: denial of service via excessive processing of openid connect scope parameters
Trending: 68

HIGH · CVE-2026-4636 · EXP
Keycloak: keycloak: uma policy bypass allows authenticated users to gain unauthorized access to victim-owned resources.
Trending: 65

HIGH · CVE-2026-3872 · EXP
Keycloak: keycloak: information disclosure due to redirect_uri validation bypass
Trending: 63

NONE · CVE-2026-4282 · EXP
Keycloak: keycloak: privilege escalation via forged authorization codes due to singleuseobjectprovider isolation flaw
Trending: 56

NONE · CVE-2026-37977
Keycloak: org.keycloak.protocol.oidc.grants.ciba: keycloak: information disclosure via cors header injection due to unvalidated jwt azp claim
Trending: 31

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Apr 2, 2026
Discovered by ZDM: Apr 2, 2026
Updated (severity, cvssEstimate, tags): Apr 2, 2026
Patch Available: Apr 7, 2026

Version History

v2 · Tier C · 4d ago (last enriched 4d ago)
Updated severity to HIGH, CVSS estimate to 7.5, and added CVE ID tag.
Fields changed: severity, cvssEstimate, tags (via VulDB)

v1 · 5d ago
Initial creation