Keycloak missing server-side WebAuthn credential-registration validation (fixed 26.6.3)

cve · CVE-2026-8830

Coverage timeline

first 2026-06-07 → last 2026-06-07

Briefs

1 distinct

Sources cited

2 hosts

Sections touched

—

Co-occurring entities

no co-occurrence

Story timeline

2026-06-07CTI Daily Brief — 2026-06-07

Source distribution

keycloak.org2 (67%)
wid.cert-bund.de1 (33%)

External references

NVD · cve.org · CISA KEV

All cited sources (3)

keycloak.orgprimaryinlineKeycloakhttps://www.keycloak.org/2026/05/keycloak-2662-released
source profile · cited in 2026-W21, 2026-05-21
keycloak.orgprimaryinlineKeycloak, 2026-06-04https://www.keycloak.org/2026/06/keycloak-2663-released
source profile · cited in 2026-06-07
wid.cert-bund.deinlineBSI CERT-Bund WID-SEC-2026-1612https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1612
source profile · cited in 2026-W21, 2026-05-21

Items in briefs about Keycloak missing server-side WebAuthn credential-registration validation (fixed 26.6.3)

No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.