ALT-PU-2025-15661-3

Package update keycloak in branch c10f2

Version26.4.7-alt3

Published2026-02-04

Max severityMEDIUM

Severity:

Closed issues (3)

MEDIUM5.5

A flaw was found in the Keycloak LDAP User Federation provider. This vulnerability allows an authenticated realm administrator to trigger deserialization of untrusted Java objects via a malicious LDAP server configuration.

Published: 2025-11-25Modified: 2026-04-14

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

References

GHSA-4hx9-48xh-5mxr

MEDIUM5.5

Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

Published: 2025-12-19Modified: 2026-02-17

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

References

GHSA-93vm-mqpw-8wh3

MEDIUM5.5

Duplicate Advisory: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

Published: 2025-11-25Modified: 2025-12-23

CVSS 3.xMEDIUM 5.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

References