CVE-2026-4325

Published: Apr 02, 2026 Last Modified: Apr 02, 2026
Severity: MEDIUM 5.3
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none

Description

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This could lead to unauthorized access or account compromise.

CWE-653: Improper Isolation or Compartmentalization
Status: Draft
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity; Bypass Protection Mechanism
Applicable Platforms
All platforms may be affected
https://access.redhat.com/errata/RHSA-2026:6477
https://access.redhat.com/errata/RHSA-2026:6478
https://access.redhat.com/security/cve/CVE-2026-4325
https://bugzilla.redhat.com/show_bug.cgi?id=2448351