Platform: java
Component: keycloak
Fixed in: 26.2.16, 26.4.15
CVE-2026-4282 describes a privilege escalation vulnerability discovered in Keycloak. This flaw resides within the SingleUseObjectProvider, a global key-value store, due to a lack of proper type and namespace isolation. Exploitation allows unauthenticated attackers to forge authorization codes, ultimately granting them administrative privileges. Versions 26.2.15 and later are affected, and a patch is available.
The impact of CVE-2026-4282 is significant. A successful attacker can bypass authentication and gain full administrative control over a Keycloak instance. This includes the ability to manage users, roles, realms, and other critical configurations. The attacker could potentially steal sensitive data, modify user accounts, or even completely compromise the system. The lack of authentication required for exploitation dramatically increases the attack surface and potential for widespread abuse. This vulnerability shares similarities with other privilege escalation flaws where improper access controls allow unauthorized users to elevate their privileges.
CVE-2026-4282 was publicly disclosed on 2026-04-02. Its inclusion in the CISA Known Exploited Vulnerabilities (KEV) catalog is pending. Public proof-of-concept (PoC) code is currently unavailable, but the vulnerability's ease of exploitation suggests that it may become a target for automated attacks. Monitor security advisories and threat intelligence feeds for updates.
Exploit Status
EPSS: 0.04% (14th percentile)
The primary mitigation for CVE-2026-4282 is to upgrade Keycloak to a patched version. As a fix is available, prioritize this action. If an immediate upgrade is not feasible due to compatibility concerns or downtime requirements, consider implementing temporary workarounds. While no specific WAF rules are documented, implementing strict access controls and monitoring for suspicious authorization code requests can help detect and potentially prevent exploitation. Regularly review Keycloak's configuration and ensure that the SingleUseObjectProvider is not being misused. After upgrading, confirm the fix by attempting to forge an authorization code with an unauthenticated user account; the attempt should fail.
Update Keycloak to version 26.2.16 or higher, or to version 26.4.15 or higher to mitigate the vulnerability. This update corrects an isolation flaw in the SingleUseObjectProvider that allows for authorization code forgery and privilege escalation.
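As an added check, not code from this page or from the Keycloak project: a small Python helper that maps the advisory's affected and fixed versions onto a Keycloak version string so an inventory of instances can be triaged before upgrading. It assumes each fixed release applies to its own release line (26.2.16 to 26.2.x, 26.4.15 to 26.4.x) and, because the advisory lists no fix for any other line, treats every release from 26.2.15 upward without a listed fix on its line (including 26.3.x) as affected.

```python
"""Triage Keycloak version strings against CVE-2026-4282 (added example)."""
from typing import Tuple

# Values taken from the advisory: first affected release and the fixed releases.
FIRST_AFFECTED = (26, 2, 15)
FIXED_VERSIONS = ((26, 2, 16), (26, 4, 15))


def parse_version(text: str) -> Tuple[int, int, int]:
    """Return (major, minor, patch) from strings like '26.2.15', 'v26.4.3' or '26.4.15.Final'."""
    core = text.strip().lstrip("vV").split("-")[0]
    nums = []
    for part in core.split(".")[:3]:
        if not part.isdigit():
            break
        nums.append(int(part))
    if len(nums) != 3:
        raise ValueError(f"unrecognised Keycloak version: {text!r}")
    return (nums[0], nums[1], nums[2])


def is_affected(version: str) -> bool:
    """True if the version falls in the range the advisory describes as vulnerable."""
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return False  # older than 26.2.15, outside the advisory's affected range
    for fixed in FIXED_VERSIONS:
        # Assumption: a fix applies only to its own major.minor release line.
        if v[:2] == fixed[:2] and v >= fixed:
            return False
    return True  # 26.2.15, 26.3.x, or 26.4.0 to 26.4.14: upgrade required


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, ver in [("idp-a", "26.2.15"), ("idp-b", "26.4.15"), ("idp-c", "26.3.2")]:
        print(host, ver, "AFFECTED" if is_affected(ver) else "ok")
```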
CVE-2026-4282 is a vulnerability in Keycloak allowing unauthenticated attackers to forge authorization codes, leading to admin access. It affects versions 26.2.15 and later, with a CVSS score of 7.4 (HIGH).
If you are running Keycloak version 26.2.15 or later, you are potentially affected. Check your Keycloak version and upgrade immediately if vulnerable.
Upgrade Keycloak to a patched version. A fix is available, and this is the recommended mitigation strategy. Prioritize this upgrade to eliminate the vulnerability.
While no active exploitation has been confirmed, the ease of exploitation suggests it may become a target. Monitor security advisories and threat intelligence feeds.
Refer to the official Keycloak security advisories on the Keycloak website for detailed information and updates regarding CVE-2026-4282.