Keycloak Vulnerability Affects Versions 26.2–26.5, Security Patch Recommended

A vulnerability in the open‑source identity and access management platform Keycloak has been reported by the French CERT (CERT‑FR). Identified as CVE‑2026‑2092, the flaw could allow attackers to compromise data confidentiality and bypass security policies by exploiting the handling of identity tokens. The issue affects Keycloak versions 26.2.x older than 26.2.14, 26.4.x older than 26.4.10, and 26.5.x older than 26.5.5. Security officials advise users of these versions to consult the vendor’s security bulletin for patches and to upgrade immediately. The advisory cites the Keycloak security notice GHSA‑794g‑x443‑36f7 issued on 29 May 2026. Updated information will be provided as the situation develops. Affected organizations should review their configurations and apply the recommended fixes as soon as possible.

Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.

