Keycloak token-exchange privilege escalation (silent subject_token removal); Keycloak 26.6.3 16-CVE release
cve · CVE-2026-9704
Coverage timeline
1
first 2026-06-07 → last 2026-06-07
Briefs
1
1 distinct
Sources cited
3
2 hosts
Sections touched
1
deep_dive
Co-occurring entities
0
no co-occurrence
Story timeline
- 2026-06-07CTI Daily Brief — 2026-06-07
Where this entity is cited
- deep_dive1
Source distribution
- keycloak.org2 (67%)
- wid.cert-bund.de1 (33%)
External references
All cited sources (3)
- keycloak.orginlineKeycloak, 2026-06-04https://www.keycloak.org/2026/06/keycloak-2663-released
- keycloak.orginlineKeycloakhttps://www.keycloak.org/2026/05/keycloak-2662-released
- wid.cert-bund.deinlineBSI CERT-Bund WID-SEC-2026-1612https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1612
Items in briefs about Keycloak token-exchange privilege escalation (silent subject_token removal); Keycloak 26.6.3 16-CVE release
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.