Security
Headlines

Headlines Latest CVEs

Headline

GHSA-wv3h-x6c4-r867: Keycloak services allows the issuance of access and refresh tokens for disabled users

A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a privileged client invokes the token exchange flow.

1 day ago

#vulnerability #git #java #intel #auth #maven

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-14559

Keycloak services allows the issuance of access and refresh tokens for disabled users

Moderate severity GitHub Reviewed Published Jan 21, 2026 to the GitHub Advisory Database • Updated Jan 21, 2026

Package

maven org.keycloak:keycloak-services (Maven)

Affected versions

<= 26.5.1

Description

Published to the GitHub Advisory Database

Jan 21, 2026

Last updated

Jan 21, 2026

EPSS score

ghsa: Latest News

GHSA-pchf-49fh-w34r: Soft Serve Affected by an Authentication Bypass

18 hours ago

GHSA-xxjr-mmjv-4gpg: Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions

18 hours ago

GHSA-36p8-mvp6-cv38: Wrangler affected by OS Command Injection in `wrangler pages deploy`

18 hours ago

GHSA-r92c-9c7f-3pj8: OpenTofu has High CPU usage in "tofu init" with maliciously-crafted module packages in .zip format

18 hours ago

GHSA-rjr4-v43m-pxq6: Triton VM has a Soundness Vulnerability due to Improper Sampling of Randomness

18 hours ago