Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-66286

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-23 Apr, 2026 | 12:33
Updated At-28 Apr, 2026 | 20:00
Rejected At-
Credits

Webkitgtk: authorization bypass through webpage::send-request signal handler

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP requests bypass this signal handler.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:23 Apr, 2026 | 12:33
Updated At:28 Apr, 2026 | 20:00
Rejected At:
▼CVE Numbering Authority (CNA)
Webkitgtk: authorization bypass through webpage::send-request signal handler

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP requests bypass this signal handler.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
webkitgtk
CPEs
  • cpe:/o:redhat:enterprise_linux:6
Default Status
unknown
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
webkitgtk3
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
webkitgtk4
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
webkit2gtk3
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
webkit2gtk3
CPEs
  • cpe:/o:redhat:enterprise_linux:9
Default Status
affected
Problem Types
TypeCWE IDDescription
CWECWE-639Authorization Bypass Through User-Controlled Key
Type: CWE
CWE ID: CWE-639
Description: Authorization Bypass Through User-Controlled Key
Metrics
VersionBase scoreBase severityVector
3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Metrics Other Info
Red Hat severity rating
value:
Moderate
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Red Hat would like to thank Albrecht Dreß for reporting this issue.
Timeline
EventDate
Reported to Red Hat.2025-12-23 17:34:29
Made public.2026-04-23 12:15:39
Event: Reported to Red Hat.
Date: 2025-12-23 17:34:29
Event: Made public.
Date: 2026-04-23 12:15:39
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2025-66286
vdb-entry
x_refsource_REDHAT
https://bugs.webkit.org/show_bug.cgi?id=259787
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2424652
issue-tracking
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2025-66286
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugs.webkit.org/show_bug.cgi?id=259787
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2424652
Resource:
issue-tracking
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:23 Apr, 2026 | 13:16
Updated At:24 Apr, 2026 | 14:50

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP requests bypass this signal handler.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-639Primarysecalert@redhat.com
CWE ID: CWE-639
Type: Primary
Source: secalert@redhat.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://access.redhat.com/security/cve/CVE-2025-66286secalert@redhat.com
N/A
https://bugs.webkit.org/show_bug.cgi?id=259787secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2424652secalert@redhat.com
N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2025-66286
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugs.webkit.org/show_bug.cgi?id=259787
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2424652
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

24Records found

CVE-2026-9087
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.31% / 22.96%
||
7 Day CHG+0.02%
Published-20 May, 2026 | 16:13
Updated-26 Jun, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: cross-session email verification proof not bound to upstream identity in first-broker-login

A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim's local account.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.4Red Hat build of Keycloak 26.6.3Red Hat build of Keycloak 26.6Red Hat build of Keycloak 26.4.13
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-9099
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.7||HIGH
EPSS-0.29% / 20.62%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 16:16
Updated-01 Jul, 2026 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: group-admin escalation to realm-admin

A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 (FGAPv2) is enabled, an attacker with management rights over a single low-privilege group can reparent a highly privileged group (such as one possessing the realm-admin role) under their managed group. Because group permissions follow a hierarchical structure, this action unauthorizedly grants the attacker management and password-reset capabilities over the members of the targeted privileged group. An attacker can exploit this to reset an administrator's password, compromise the account, and achieve a full realm takeover, leading to a complete compromise of confidentiality, integrity, and availability.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.4Red Hat build of Keycloak 26.6Red Hat build of Keycloak 26.4.13Red Hat build of Keycloak 26.6.4Red Hat build of Keycloak 26.4Red Hat build of Keycloak 26.6Red Hat build of Keycloak 26.4.13Red Hat build of Keycloak 26.6.4
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-5142
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 18.64%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:07
Updated-02 Jul, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass

A flaw was found in foreman. Authenticated users with 'view_keypairs' permission can bypass taxonomy scoping, allowing them to download private SSH (Secure Shell) keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant deployments, potentially compromising sensitive information.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Satellite 6.18 for RHEL 9Red Hat Satellite 6.19 for RHEL 9Red Hat Satellite 6.17 for RHEL 9Red Hat Satellite 6Red Hat Satellite 6.16 for RHEL 9Red Hat Satellite 6.16 for RHEL 8
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-5135
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 17.56%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:08
Updated-02 Jul, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foreman: foreman: unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing authorisation checks. The consequence is the potential for unauthorised modification of managed host configurations across different organisational and location boundaries.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Satellite 6.18 for RHEL 9Red Hat Satellite 6.19 for RHEL 9Red Hat Satellite 6.17 for RHEL 9Red Hat Satellite 6Red Hat Satellite 6.16 for RHEL 9Red Hat Satellite 6.16 for RHEL 8
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-9799
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.17% / 6.23%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 16:17
Updated-01 Jul, 2026 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: keycloak: unauthorized access to resources via uma permission ticket bypass

A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access (UMA) permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to all resources of that type within the same resource server, even if they do not have a ticket for those specific resources. This vulnerability requires the resource server to be configured in PERMISSIVE policy enforcement mode and affects typed resources with ownerManagedAccess enabled, where no explicit policy protects the resource type. The primary consequence is unauthorized information disclosure or modification of resources.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.4Red Hat build of Keycloak 26.6Red Hat build of Keycloak 26.4.13Red Hat build of Keycloak 26.6.4
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-4630
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.30% / 22.10%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 10:28
Updated-03 Jun, 2026 | 19:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: keycloak: unauthorized resource access and data modification via insecure direct object reference

A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference (IDOR) vulnerability in the Authorization Services Protection API endpoint. By knowing or obtaining a resource's unique identifier (UUID) belonging to another Resource Server within the same realm, the client could bypass authorization checks. This allows the client to perform unauthorized GET, PUT, and DELETE operations on resources, leading to information disclosure and potential unauthorized modification or deletion of data.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.4.12Red Hat build of Keycloak 26.4
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-45830
Matching Score-6
Assigner-HiddenLayer, Inc.
ShareView Details
Matching Score-6
Assigner-HiddenLayer, Inc.
CVSS Score-8.8||HIGH
EPSS-0.34% / 26.45%
||
7 Day CHG+0.05%
Published-12 Jun, 2026 | 14:46
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to.

Action-Not Available
Vendor-trychromaChromaRed Hat, Inc.
Product-chromadbChromaDBRed Hat OpenShift AI (RHOAI)Red Hat Enterprise Linux AI (RHEL AI) 3
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-45832
Matching Score-6
Assigner-HiddenLayer, Inc.
ShareView Details
Matching Score-6
Assigner-HiddenLayer, Inc.
CVSS Score-8.8||HIGH
EPSS-0.28% / 20.16%
||
7 Day CHG+0.03%
Published-12 Jun, 2026 | 15:11
Updated-30 Jun, 2026 | 12:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints.

Action-Not Available
Vendor-trychromaChromaRed Hat, Inc.
Product-chromadbChromaDBRed Hat OpenShift AI (RHOAI)Red Hat Enterprise Linux AI (RHEL AI) 3
CWE ID-CWE-551
Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-5138
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 15.90%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 14:08
Updated-02 Jul, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foreman: foreman: information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomy_scope controller method does not properly validate organization and location IDs from nested request parameters, bypassing existing authorization checks. This allows the user to leak sensitive infrastructure metadata, including subnet topology, IP ranges, gateways, DNS servers, and VLAN IDs, from organizations and locations they are not authorized to access.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Satellite 6.18 for RHEL 9Red Hat Satellite 6.19 for RHEL 9Red Hat Satellite 6.17 for RHEL 9Red Hat Satellite 6Red Hat Satellite 6.16 for RHEL 9Red Hat Satellite 6.16 for RHEL 8
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-47101
Matching Score-6
Assigner-VulnCheck
ShareView Details
Matching Score-6
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.74% / 50.05%
||
7 Day CHG+0.11%
Published-21 May, 2026 | 20:33
Updated-01 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LiteLLM < 1.83.14 Privilege Escalation via API Key Generation

LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with access to admin-only routes can then be used to reach those routes successfully, bypassing the role-based access controls that would otherwise block the request, enabling full privilege escalation from internal_user to proxy_admin.

Action-Not Available
Vendor-litellmBerriAIRed Hat, Inc.
Product-litellmlitellmRed Hat OpenShift AI (RHOAI)Exploit IntelligenceRed Hat Ansible Automation Platform 2
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-42999
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.33% / 24.84%
||
7 Day CHG+0.08%
Published-28 May, 2026 | 00:00
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionally merges the raw JSON request body into the policy enforcement dictionary via policy_dict.update(json_input.copy()), overwriting trusted target data that was previously set from database lookups. Because flask.request.get_json is called with force=True, this works regardless of Content-Type or HTTP method. Any authenticated user can inject arbitrary policy target attributes (e.g., user_id, project_id) into the request body to bypass RBAC checks and perform unauthorized operations on resources belonging to other users or projects. This was introduced in commit 5ea59f52 (Rocky/14.0.0).

Action-Not Available
Vendor-Red Hat, Inc.OpenStack
Product-keystoneKeystoneRed Hat OpenStack Platform 17.1Red Hat OpenStack Platform 13 (Queens)Red Hat OpenStack Platform 18.0Red Hat OpenStack Platform 16.2
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-40981
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.95%
||
7 Day CHG+0.05%
Published-07 May, 2026 | 03:55
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only). Spring Cloud Config 4.1.x: affected from 4.1.0 through 4.1.9 (inclusive); upgrade to 4.1.10 or greater (Enterprise Support Only). Spring Cloud Config 4.2.x: affected from 4.2.0 through 4.2.6 (inclusive); upgrade to 4.2.7 or greater (Enterprise Support Only). Spring Cloud Config 4.3.x: affected from 4.3.0 through 4.3.2 (inclusive); upgrade to 4.3.3 or greater. Spring Cloud Config 5.0.x: affected from 5.0.0 through 5.0.2 (inclusive); upgrade to 5.0.3 or greater.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Red Hat, Inc.
Product-spring_cloud_configSpring Cloud ConfigRed Hat Enterprise Linux 8Red Hat JBoss Enterprise Application Platform Expansion Pack
CWE ID-CWE-1220
Insufficient Granularity of Access Control
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-14459
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.5||HIGH
EPSS-0.35% / 27.20%
||
7 Day CHG+0.01%
Published-26 Jan, 2026 | 19:36
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Virt-cdi-controller: unauthorized pvc cloning via dataimportcron

A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism.

Action-Not Available
Vendor-Red Hat, Inc.
Product-RHEL-9-CNV-4.19Red Hat OpenShift Virtualization 4Red Hat OpenShift Virtualization 4CNV 4.19 for RHEL 9
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-38201
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.46% / 36.87%
||
7 Day CHG~0.00%
Published-25 Aug, 2023 | 16:15
Updated-20 Nov, 2025 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keylime: challenge-response protocol bypass during agent registration

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.

Action-Not Available
Vendor-keylimeRed Hat, Inc.Fedora Project
Product-enterprise_linux_server_ausenterprise_linuxfedorakeylimeenterprise_linux_for_ibm_z_systemsenterprise_linux_eusenterprise_linux_for_power_little_endian_eusenterprise_linux_for_power_little_endianenterprise_linux_for_ibm_z_systems_eusRed Hat Enterprise Linux 9
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-3605
Matching Score-6
Assigner-HashiCorp Inc.
ShareView Details
Matching Score-6
Assigner-HashiCorp Inc.
CVSS Score-8.1||HIGH
EPSS-0.38% / 29.62%
||
7 Day CHG+0.08%
Published-17 Apr, 2026 | 02:44
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vault KVv2 Metadata and Secret Deletion Policy Bypass Denial-of-Service

An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulnerability did not allow a malicious user to delete secrets across namespaces, nor read any secret data. Fxed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0, 1.21.5, 1.20.10, and 1.19.16.

Action-Not Available
Vendor-HashiCorp, Inc.Red Hat, Inc.
Product-vaultVaultVault EnterpriseRed Hat Openshift Data Foundation 4Red Hat OpenShift Container Platform 4
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-34444
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.9||HIGH
EPSS-0.61% / 44.97%
||
7 Day CHG+0.10%
Published-06 Apr, 2026 | 15:30
Updated-30 Jun, 2026 | 12:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lupa has a Sandbox escape and RCE due to incomplete attribute_filter enforcement in getattr / setattr

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attribute_filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitrary code execution.

Action-Not Available
Vendor-scoderscoderRed Hat, Inc.
Product-lupalupaRed Hat Satellite 6.18Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-914
Improper Control of Dynamically-Identified Variables
CVE-2026-2366
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-3.1||LOW
EPSS-0.27% / 19.25%
||
7 Day CHG~0.00%
Published-12 Mar, 2026 | 10:54
Updated-02 Apr, 2026 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: keycloak: information disclosure via authorization bypass in admin api

A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker knows the victim's unique identifier (UUID) and the Organizations feature is enabled.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat build of Keycloak 26.4Red Hat build of Keycloak 26.4.11
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-21721
Matching Score-6
Assigner-Grafana Labs
ShareView Details
Matching Score-6
Assigner-Grafana Labs
CVSS Score-8.1||HIGH
EPSS-0.65% / 46.52%
||
7 Day CHG+0.26%
Published-27 Jan, 2026 | 09:07
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dashboard Permissions Scope Bypass Enables Cross‑Dashboard Privilege Escalation

The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege escalation.

Action-Not Available
Vendor-Red Hat, Inc.Grafana Labs
Product-grafanagrafana/grafanagrafana/grafana-enterpriseMulticluster Global HubRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Ceph Storage 5Red Hat Ceph Storage 8Red Hat Advanced Cluster Management for Kubernetes 2.13Red Hat Ceph Storage 6Red Hat Advanced Cluster Management for Kubernetes 2.12Red Hat Enterprise Linux 8Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-20912
Matching Score-6
Assigner-Gitea Limited
ShareView Details
Matching Score-6
Assigner-Gitea Limited
CVSS Score-9.1||CRITICAL
EPSS-0.41% / 33.30%
||
7 Day CHG+0.05%
Published-22 Jan, 2026 | 22:01
Updated-29 Jun, 2026 | 12:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gitea: Cross-Repository Authorization Bypass via Release Attachment Linking Leads to Private Attachment Disclosure

Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a private repository could potentially be linked to a release in a different public repository, making it accessible to unauthorized users.

Action-Not Available
Vendor-giteaGiteaRed Hat, Inc.
Product-giteaGitea Open Source Git ServerOpenShift Pipelines
CWE ID-CWE-283
Unverified Ownership
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-20897
Matching Score-6
Assigner-Gitea Limited
ShareView Details
Matching Score-6
Assigner-Gitea Limited
CVSS Score-9.1||CRITICAL
EPSS-0.41% / 33.30%
||
7 Day CHG+0.05%
Published-22 Jan, 2026 | 22:01
Updated-29 Jun, 2026 | 12:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gitea Git LFS Lock Deletion Broken Access Control (Cross-Repo IDOR)

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories.

Action-Not Available
Vendor-giteaGiteaRed Hat, Inc.
Product-giteaGitea Open Source Git ServerOpenShift Pipelines
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2012-5571
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-2.04% / 78.75%
||
7 Day CHG~0.00%
Published-18 Dec, 2012 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openstack keystone: openstack keystone: authorization bypass via improper ec2 token handling

A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access.

Action-Not Available
Vendor-OpenStackRed Hat, Inc.
Product-folsomessexRed Hat OpenStack Platform 18.0Red Hat OpenStack Platform 13 (Queens)Red Hat OpenStack Platform 16.2Red Hat OpenStack Platform 17.1
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-14209
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 7.02%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 11:48
Updated-01 Jul, 2026 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak-admin-ui: keycloak-admin-ui: keycloak: admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an administrator who should only be able to search for users (but not view their full details) can use a specific "brute-force-user" endpoint to access a user's full profile. This includes sensitive information and security metadata. The issue occurs because the system fails to check if the administrator has the required "view" permission for that specific user when using this particular search path.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakjboss_enterprise_application_platform_expansion_packRed Hat Build of KeycloakRed Hat JBoss Enterprise Application Platform Expansion Pack
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-37978
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.40% / 31.74%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 10:52
Updated-03 Jun, 2026 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: org.keycloak.services: keycloak: information disclosure via evaluate-scopes admin api

A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID (userId) parameter. This vulnerability allows for cross-role personally identifiable information (PII) leakage, enabling unauthorized visibility into user identities and authorizations across the realm. Exploitation is possible remotely via network access to the Admin API.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.4.12Red Hat build of Keycloak 26.4
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-32589
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.4||HIGH
EPSS-0.24% / 15.35%
||
7 Day CHG~0.00%
Published-08 Apr, 2026 | 17:04
Updated-01 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mirror-registry: quay: insecure direct object reference in blobupload

A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.

Action-Not Available
Vendor-Red Hat, Inc.
Product-quaymirror_registry_for_red_hat_openshiftmirror registry for Red Hat OpenShiftRed Hat Quay 3.17Red Hat Quay 3.14Red Hat Quay 3.12mirror registry for Red Hat OpenShift 2.0Red Hat Quay 3.10Red Hat Quay 3.16Red Hat Quay 3.9Red Hat Quay 3.15mirror registry for Red Hat OpenShiftRed Hat Quay 3.17Red Hat Quay 3.14Red Hat Quay 3.12mirror registry for Red Hat OpenShift 2.0Red Hat Quay 3.10Red Hat Quay 3.16Red Hat Quay 3.9Red Hat Quay 3.15
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
Details not found