CLEANSTART-2026-SG80587

See a problem?
Import Source
https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-SG80587.json
JSON Data
https://api.osv.dev/v1/vulns/CLEANSTART-2026-SG80587
Upstream
Published
2026-01-30T14:00:21.027172Z
Modified
2026-02-20T09:15:31.190283Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session
Details

Multiple security vulnerabilities affect the keycloak package. It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. See references for individual vulnerability details.

References

Affected packages

CleanStart / keycloak

Package

Name
keycloak

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
26.5.0-r0

Database specific

source 
"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-SG80587.json"