Skip to main content

Red Hat CVE-2026-4325

| EUVDEUVD-2026-18210 MEDIUM
Improper Isolation or Compartmentalization (CWE-653)
2026-04-02 redhat GHSA-rx66-hj7g-28h7
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Red Hat
5.3 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

4
Patch released
Apr 04, 2026 - 08:30 nvd
Patch available
EUVD ID Assigned
Apr 02, 2026 - 13:15 euvd
EUVD-2026-18210
Analysis Generated
Apr 02, 2026 - 13:15 vuln.today
CVE Published
Apr 02, 2026 - 12:44 nvd
MEDIUM 5.3

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 53 maven packages depend on org.keycloak:keycloak-services (25 direct, 28 indirect)

Ecosystem-wide dependent count for version 26.5.7.

DescriptionCVE.org

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This could lead to unauthorized access or account compromise.

AnalysisAI

Keycloak's SingleUseObjectProvider lacks proper type and namespace isolation, allowing unauthenticated remote attackers with user interaction to delete arbitrary single-use entries and replay consumed action tokens such as password reset links, leading to account compromise. The vulnerability requires user interaction (UI:R) and high attack complexity (AC:H), resulting in a CVSS score of 5.3. No public exploit code or active exploitation has been confirmed at time of analysis.

Technical ContextAI

Keycloak's SingleUseObjectProvider is a global key-value store mechanism responsible for managing single-use tokens and action tokens, including password reset and email verification links. The vulnerability stems from improper isolation of token types and namespaces (CWE-653: Unsupported Feature in Generator), allowing attackers to manipulate the store without proper access controls or validation. This design flaw enables an attacker to enumerate and delete entries belonging to other users or sessions, effectively invalidating the single-use constraint that these tokens are designed to enforce. The affected component is present in Red Hat Build of Keycloak across multiple versions as indicated by the wildcard CPE specification.

RemediationAI

Organizations running Red Hat Build of Keycloak should apply the vendor-released patch corresponding to their deployed version as soon as practical. Consult Red Hat's official security advisory at https://access.redhat.com/security/cve/CVE-2026-4325 for specific patched version numbers and upgrade instructions. Interim mitigations should focus on restricting access to password reset and account recovery flows to authenticated, trusted networks if operationally feasible, and monitoring for unusual token consumption patterns. Organizations should prioritize patching authentication-critical systems first, given the potential for account compromise through token replay attacks.

Vendor StatusVendor

Share

CVE-2026-4325 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy