๐Ÿ” CVE Alert

CVE-2026-4325

MEDIUM 5.3

Keycloak: keycloak: replay of action tokens via improper handling of single-use entries

CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
10th

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This could lead to unauthorized access or account compromise.

CWE CWE-653
Vendor red hat
Product red hat build of keycloak 26.2
Published Apr 2, 2026
Last Updated Apr 7, 2026
Stay Ahead of the Next One

Get instant alerts for red hat red hat build of keycloak 26.2

Be the first to know when new medium vulnerabilities affecting red hat red hat build of keycloak 26.2 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Affected Versions

Red Hat / Red Hat build of Keycloak 26.2
All versions affected
Red Hat / Red Hat build of Keycloak 26.2
All versions affected
Red Hat / Red Hat build of Keycloak 26.2
All versions affected
Red Hat / Red Hat build of Keycloak 26.2.15
All versions affected
Red Hat / Red Hat build of Keycloak 26.4
All versions affected
Red Hat / Red Hat build of Keycloak 26.4
All versions affected
Red Hat / Red Hat build of Keycloak 26.4
All versions affected
Red Hat / Red Hat build of Keycloak 26.4.11
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6475 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6476 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6477 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6478 access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-4325 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2448351

Credits

Red Hat would like to thank chungkn (OneMount Group) for reporting this issue.