Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-14614

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-03 Jul, 2026 | 15:33
Updated At-03 Jul, 2026 | 15:33
Rejected At-
Credits

Keycloak-services: keycloak-services: fgap v2 client scope assignment bypass via clientresource

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions (FGAP) v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not authorized to see or manage. As a result, an attacker could inject unauthorized data or permissions into the security tokens issued to end-users, potentially tricking other applications into granting higher levels of access than intended.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:03 Jul, 2026 | 15:33
Updated At:03 Jul, 2026 | 15:33
Rejected At:
▼CVE Numbering Authority (CNA)
Keycloak-services: keycloak-services: fgap v2 client scope assignment bypass via clientresource

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions (FGAP) v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not authorized to see or manage. As a result, an attacker could inject unauthorized data or permissions into the security tokens issued to end-users, potentially tricking other applications into granting higher levels of access than intended.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Build of Keycloak
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
keycloak-services
CPEs
  • cpe:/a:redhat:build_keycloak:
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Build of Keycloak
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhbk/keycloak-rhel9
CPEs
  • cpe:/a:redhat:build_keycloak:
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Build of Keycloak
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhbk-openshift-rhel9/rhbk-openshift-rhel9
CPEs
  • cpe:/a:redhat:build_keycloak:
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Data Grid 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
keycloak-services
CPEs
  • cpe:/a:redhat:jboss_data_grid:8
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat JBoss Enterprise Application Platform Expansion Pack
Collection URL
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html
Package Name
keycloak-services
CPEs
  • cpe:/a:redhat:jbosseapxp
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Single Sign-On 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
keycloak-services
CPEs
  • cpe:/a:redhat:red_hat_single_sign_on:7
Default Status
unaffected
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Metrics Other Info
Red Hat severity rating
value:
Moderate
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Reported to Red Hat.2026-07-02 17:39:04
Made public.2026-07-03 15:21:06
Event: Reported to Red Hat.
Date: 2026-07-02 17:39:04
Event: Made public.
Date: 2026-07-03 15:21:06
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2026-14614
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2496889
issue-tracking
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-14614
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2496889
Resource:
issue-tracking
x_refsource_REDHAT
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:03 Jul, 2026 | 16:16
Updated At:03 Jul, 2026 | 16:16

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions (FGAP) v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not authorized to see or manage. As a result, an attacker could inject unauthorized data or permissions into the security tokens issued to end-users, potentially tricking other applications into granting higher levels of access than intended.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CPE Matches

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://access.redhat.com/security/cve/CVE-2026-14614secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2496889secalert@redhat.com
N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-14614
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2496889
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

18Records found

CVE-2026-8922
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 19.90%
||
7 Day CHG~0.00%
Published-19 May, 2026 | 06:27
Updated-26 Jun, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Org.keycloak/keycloak-services: keycloak: org.keycloak.protocol.oidc: security flaw in org.keycloak/keycloak-services

A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies are configured, Keycloak's OpenID Connect (OIDC) Introspection feature fails to properly honor the realm-level policy. This allows tokens that should have been revoked to remain active, potentially leading to unauthorized access or continued session validity. This could impact the security of systems utilizing Keycloak for identity and access management.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.4Red Hat build of Keycloak 26.6.3Red Hat build of Keycloak 26.6Red Hat build of Keycloak 26.4.13
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
CVE-2026-7500
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 14.01%
||
7 Day CHG~0.00%
Published-30 Apr, 2026 | 14:53
Updated-26 Jun, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Org.keycloak.keycloak-services: improper access control on keycloak server when the account account api feature is disabled

When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is only partially disabled. Five endpoints under the versioned path `/account/v1alpha1` remain fully functional — including both read and write operations — because they lack the `checkAccountApiEnabled()` gate that correctly blocks four other endpoints in the same REST service class. The user needs to have permissions to use the API.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat build of Keycloak 26.4Red Hat build of Keycloak 26.6.3Red Hat build of Keycloak 26.6Red Hat build of Keycloak 26.4.13
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2026-6383
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 4.58%
||
7 Day CHG~0.00%
Published-15 Apr, 2026 | 18:22
Updated-17 Apr, 2026 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation

A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This allows authenticated users with specific custom roles to gain unauthorized access to subresources, potentially disclosing sensitive information or performing actions they are not permitted to do. Additionally, legitimate users may be denied access to resources.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift Virtualization 4
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-6848
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.26% / 17.65%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 09:06
Updated-22 Apr, 2026 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quay: red hat quay: authentication bypass allows privileged actions without valid credentials

A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle authenticated browser session, to perform privileged actions without providing valid credentials. The vulnerability enables unauthorized execution of sensitive operations despite the user interface displaying an error for invalid credentials.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Quay 3
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2025-14778
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.29% / 20.48%
||
7 Day CHG~0.00%
Published-09 Feb, 2026 | 18:58
Updated-10 Feb, 2026 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: incorrect ownership checks in /uma-policy/

A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService (UMA Protection API). When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller's ownership against the first resource in the policy's list. This allows a user (Owner A) who owns one resource (RA) to update a shared policy and modify authorization rules for other resources (e.g., RB) in that same policy, even if those other resources are owned by a different user (Owner B). This constitutes a horizontal privilege escalation.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat build of Keycloak 26.2Red Hat build of Keycloak 26.2.13Red Hat build of Keycloak 26.4Red Hat build of Keycloak 26.4.9
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-1391
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.38% / 29.80%
||
7 Day CHG~0.00%
Published-17 Feb, 2025 | 14:01
Updated-06 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak-services: improper authorization in keycloak organization mapper allows unauthorized organization claims

A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a user if their username or email matches the organization’s domain pattern. This issue occurs at the mapper level, leading to misrepresentation in tokens. If an application relies on these claims for authorization, it may incorrectly assume a user belongs to an organization they are not a member of, potentially granting unauthorized access or privileges.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Build of KeycloakRed Hat build of Keycloak 26.0
CWE ID-CWE-284
Improper Access Control
CVE-2012-5571
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-2.04% / 78.77%
||
7 Day CHG~0.00%
Published-18 Dec, 2012 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openstack keystone: openstack keystone: authorization bypass via improper ec2 token handling

A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access.

Action-Not Available
Vendor-OpenStackRed Hat, Inc.
Product-folsomessexRed Hat OpenStack Platform 18.0Red Hat OpenStack Platform 13 (Queens)Red Hat OpenStack Platform 16.2Red Hat OpenStack Platform 17.1
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-12110
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.27% / 19.02%
||
7 Day CHG~0.00%
Published-23 Oct, 2025 | 14:19
Updated-20 Jan, 2026 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: org.keycloak:keycloak-services: user can refresh offline session even after client's offline_access scope was removed

A flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and assumes that offline sessions are no longer available, but they are.

Action-Not Available
Vendor-KeycloakRed Hat, Inc.
Product-Red Hat build of Keycloak 26.2.11Red Hat build of Keycloak 26.4Red Hat build of Keycloak 26.2keycloakRed Hat build of Keycloak 26.4.4
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2025-11429
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 11.74%
||
7 Day CHG~0.00%
Published-23 Oct, 2025 | 14:09
Updated-20 Jan, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak-server: too long and not settings compliant session

A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me" was active retain their extended session lifetime until they expire, overriding the administrator's recent security configuration change. This is a logic flaw in session management increases the potential window for successful session hijacking or unauthorized long-term access persistence. The flaw lies in the session expiration logic relying on the session-local "remember-me" flag without validating the current realm-level configuration.

Action-Not Available
Vendor-KeycloakRed Hat, Inc.
Product-keycloakRed Hat build of Keycloak 26.2.11Red Hat build of Keycloak 26.2
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2025-0604
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.56% / 42.70%
||
7 Day CHG~0.00%
Published-22 Jan, 2025 | 14:34
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak-ldap-federation: authentication bypass due to missing ldap bind after password reset in keycloak

A flaw was found in Keycloak. When an Active Directory user resets their password, the system updates it without performing an LDAP bind to validate the new credentials against AD. This vulnerability allows users whose AD accounts are expired or disabled to regain access in Keycloak, bypassing AD restrictions. The issue enables authentication bypass and could allow unauthorized access under certain conditions.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Build of KeycloakRed Hat build of Keycloak 26.0Red Hat Single Sign-On 7
CWE ID-CWE-287
Improper Authentication
CVE-2019-14870
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-2.78% / 84.65%
||
7 Day CHG~0.00%
Published-10 Dec, 2019 | 00:00
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxopenSUSESambaFedora ProjectRed Hat, Inc.
Product-ubuntu_linuxdebian_linuxsambafedoraleapsamba
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-287
Improper Authentication
CVE-2019-10156
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.6||MEDIUM
EPSS-1.76% / 75.24%
||
7 Day CHG~0.00%
Published-30 Jul, 2019 | 22:12
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.
Product-debian_linuxopenstackansibleansible
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-6544
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-1.07% / 60.88%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 15:58
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: authorization bypass

A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Single Sign-On 7.6 for RHEL 7Red Hat build of Keycloak 22Red Hat build of Keycloak 22.0.10RHSSO 7.6.8RHEL-8 based Middleware ContainersRed Hat Single Sign-On 7.6 for RHEL 9Red Hat Single Sign-On 7.6 for RHEL 8
CWE ID-CWE-625
Permissive Regular Expression
CVE-2024-10306
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.26% / 17.40%
||
7 Day CHG~0.00%
Published-23 Apr, 2025 | 09:59
Updated-30 Jun, 2026 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mod_proxy_cluster: mod_proxy_cluster unauthorized mcmp requests

A vulnerability was found in mod_proxy_cluster. The issue is that the <Directory> directive should be replaced by the <Location> directive as the former does not restrict IP/host access as `Require ip IP_ADDRESS` would suggest. This means that anyone with access to the host might send MCMP requests that may result in adding/removing/updating nodes for the balancing. However, this host should not be accessible to the public network as it does not serve the general traffic.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat JBoss Core ServicesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 10
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-1207
Matching Score-8
Assigner-6a34fbeb-21d4-45e7-8e0a-62b95bc12c92
ShareView Details
Matching Score-8
Assigner-6a34fbeb-21d4-45e7-8e0a-62b95bc12c92
CVSS Score-5.4||MEDIUM
EPSS-9.44% / 94.82%
||
7 Day CHG+5.66%
Published-03 Feb, 2026 | 14:35
Updated-30 Jun, 2026 | 03:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential SQL injection via raster lookups on PostGIS

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. Raster lookups on ``RasterField`` (only implemented on PostGIS) allows remote attackers to inject SQL via the band index parameter. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Tarek Nakkouch for reporting this issue.

Action-Not Available
Vendor-Red Hat, Inc.Django
Product-djangoDjangoRed Hat Ansible Automation Platform 2.6Red Hat Ansible Automation Platform 2.5Red Hat Satellite 6.18Red Hat Discovery 2Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Update Infrastructure 4 for Cloud ProvidersRed Hat OpenStack Platform 18.0Red Hat Ansible Automation Platform 2Red Hat Satellite 6.16 for RHEL 9Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Satellite 6.17 for RHEL 9Red Hat OpenStack Platform 16.2Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Satellite 6Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Satellite 6.18 for RHEL 9Red Hat OpenStack Platform 17.1Red Hat Satellite 6.16 for RHEL 8
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-1287
Matching Score-8
Assigner-6a34fbeb-21d4-45e7-8e0a-62b95bc12c92
ShareView Details
Matching Score-8
Assigner-6a34fbeb-21d4-45e7-8e0a-62b95bc12c92
CVSS Score-5.4||MEDIUM
EPSS-0.75% / 50.55%
||
7 Day CHG+0.26%
Published-03 Feb, 2026 | 14:36
Updated-01 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential SQL injection in column aliases via control characters

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `FilteredRelation` is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the `**kwargs` passed to `QuerySet` methods `annotate()`, `aggregate()`, `extra()`, `values()`, `values_list()`, and `alias()`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Solomon Kebede for reporting this issue.

Action-Not Available
Vendor-Red Hat, Inc.Django
Product-djangoDjangoRed Hat OpenStack Platform 16.2Red Hat OpenStack Platform 18.0Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Satellite 6.16 for RHEL 9Red Hat Satellite 6.16 for RHEL 8Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Satellite 6.18Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Satellite 6.18 for RHEL 9Red Hat Ansible Automation Platform 2Red Hat Ansible Automation Platform 2.5Red Hat Update Infrastructure 4 for Cloud ProvidersRed Hat Satellite 6.17 for RHEL 9Red Hat Satellite 6Red Hat Discovery 2Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat OpenStack Platform 17.1Red Hat Ansible Automation Platform 2.6
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-1312
Matching Score-8
Assigner-6a34fbeb-21d4-45e7-8e0a-62b95bc12c92
ShareView Details
Matching Score-8
Assigner-6a34fbeb-21d4-45e7-8e0a-62b95bc12c92
CVSS Score-5.4||MEDIUM
EPSS-0.80% / 52.16%
||
7 Day CHG+0.31%
Published-03 Feb, 2026 | 14:36
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Potential SQL injection via QuerySet.order_by and FilteredRelation

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. `.QuerySet.order_by()` is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in `FilteredRelation`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Solomon Kebede for reporting this issue.

Action-Not Available
Vendor-Red Hat, Inc.Django
Product-djangoDjangoRed Hat Ansible Automation Platform 2.6Red Hat Ansible Automation Platform 2.5Red Hat Satellite 6.18Red Hat Discovery 2Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Update Infrastructure 4 for Cloud ProvidersRed Hat OpenStack Platform 18.0Red Hat Ansible Automation Platform 2Red Hat Satellite 6.16 for RHEL 9Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Satellite 6.17 for RHEL 9Red Hat OpenStack Platform 16.2Red Hat Ansible Automation Platform 2.6 for RHEL 10Red Hat Satellite 6Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Satellite 6.18 for RHEL 9Red Hat OpenStack Platform 17.1Red Hat Satellite 6.16 for RHEL 8
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-0119
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.56% / 42.25%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 15:14
Updated-02 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foreman: stored cross-site scripting in host tab

A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials.

Action-Not Available
Vendor-Red Hat, Inc.
Product-satelliteenterprise_linuxRed Hat Satellite 6.13 for RHEL 8Red Hat Satellite 6.14 for RHEL 8
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Details not found