Risk Scores
CVSS v3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.03%
7.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | |
| redhat | build_of_keycloak | 26.4.10, 26.4.10, 26.4 |
| Red Hat | Red Hat build of Keycloak 26.4 | 26.4-12, 26.4-12, 26.4-12 |
| redhat | jboss_enterprise_application_platform_expansion_pack | |
| Red Hat | Red Hat build of Keycloak 26.4.10 | |
| redhat | single_sign-on | 7.0, 7.0, 7.0 |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 | |
| redhat | jboss_enterprise_application_platform | 8.0, 8.0, 8.0 |
| Maven | org.keycloak:keycloak-services | 0, 0, 0 |
| Red Hat | Red Hat build of Keycloak 26.4 | 26.4.10-1, 26.4.10-1, 26.4.10-1 |
| Red Hat | Red Hat Single Sign-On 7 | |
| Red Hat | Red Hat build of Keycloak 26.4 | 26.4-12, 26.4-12, 26.4-12 |
Timeline
- Mar 5, 2026 CVE Published
- Mar 5, 2026 PoC Published
- Mar 6, 2026 CVE Updated
- Mar 6, 2026 EPSS Score
- Mar 6, 2026 Distribution Patch
- Mar 6, 2026 Distribution Patch
- Mar 6, 2026 Security Advisory
- Mar 6, 2026 Security Advisory
- Mar 7, 2026 EPSS Score
- Mar 8, 2026 EPSS Score
- Mar 9, 2026 EPSS Score
- Mar 10, 2026 EPSS Score
References
- RHSA-2026:3947 vendor-advisory
- RHSA-2026:3948 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2026-3009 vdb
- RHBZ#2441867 issue
- https://nvd.nist.gov/vuln/detail/CVE-2026-3009 advisory
- https://github.com/keycloak/keycloak/issues/46911 url
- https://github.com/keycloak/keycloak/commit/4fd5367e6cc28cfa68fb2240fc459c12b1fdbf2a url
- https://github.com/keycloak/keycloak package
- https://github.com/keycloak/keycloak/releases/tag/26.5.5 url