CVE-2026-2733 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-2733 PUBLISHED CVSS 3.799999952316284 LOW

Keycloak: Missing Check on Disabled Client for Docker Registry Protocol

EPSS 0.04% · 12.7th percentile

Risk Scores

CVSS v3.1

3.799999952316284

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

EPSS Score

0.04%

12.7th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat Build of Keycloak
Red Hat	Red Hat Build of Keycloak
Red Hat	Red Hat build of Keycloak 26.4	26.4-12, 26.4-12
Red Hat	Red Hat build of Keycloak 26.4	26.4.10-1, 26.4.10-1
Red Hat	Red Hat build of Keycloak 26.4	26.4-12, 26.4-12
Red Hat	Red Hat Single Sign-On 7
Red Hat	Red Hat JBoss Enterprise Application Platform 8
Red Hat	Red Hat build of Keycloak 26.4.10
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack
Maven	org.keycloak:keycloak-services	0, 0

Timeline

Feb 19, 2026 CVE Published
Feb 19, 2026 EPSS Score
Feb 20, 2026 EPSS Score
Feb 21, 2026 EPSS Score
Feb 23, 2026 EPSS Score
Feb 24, 2026 EPSS Score
Feb 25, 2026 EPSS Score
Feb 26, 2026 EPSS Score
Feb 27, 2026 EPSS Score
Feb 28, 2026 EPSS Score
Mar 2, 2026 EPSS Score
Mar 3, 2026 EPSS Score

References

RHSA-2026:3947 vendor-advisory
RHSA-2026:3948 vendor-advisory
https://access.redhat.com/security/cve/CVE-2026-2733 vdb
RHBZ#2440895 issue
https://nvd.nist.gov/vuln/detail/CVE-2026-2733 advisory
https://github.com/keycloak/keycloak/issues/46462 url
https://github.com/keycloak/keycloak/commit/743ac24081b2c6da36aac3775147ec5b80c2861e url
https://github.com/keycloak/keycloak package

Open in Interactive Console →