CVE-2026-37982

MEDIUM EPSS 35.2%

Published May 19, 20261mo ago · Modified Jun 17, 20261w ago

6.8 CVSS 3.1

Medium

Published May 19, 2026 1mo ago

Last Modified Jun 17, 2026 1w ago

Description

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay `ExecuteActionsActionToken` tokens within Keycloak's WebAuthn (Web Authentication) flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's account. This leads to unauthorized enrollment of a hardware-backed credential, enabling persistent account takeover.

CVSS Details

Base Score

6.8

Exploitability

1.6

Impact

5.2

Vector string

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector Network

Attack Complexity High

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality High

Integrity High

Availability None

Threat Intelligence

EPSS Exploit Probability

35.2% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-294

Affected Products 1

Vendor	Product	Version	Range
redhat	build_of_keycloak	*	≥26.4 – <26.4.12

References 4

access.redhat.com https://access.redhat.com/errata/RHSA-2026:19596

Vendor Advisory
access.redhat.com https://access.redhat.com/errata/RHSA-2026:19597

Vendor Advisory
access.redhat.com https://access.redhat.com/security/cve/CVE-2026-37982

Vendor Advisory
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2455329

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.