By weakness (CWE)

CWE-1220: related vulnerabilities

CVEs classified under CWE-1220. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

1 published vulnerability

  • CVE-2026-9088LOW 2.7

    Keycloak contains a flaw in how it enforces user profile visibility rules for delegated administrators. An admin with permission to view group memberships and users can circumvent access controls by querying the group members endpoint, allowing them to see sensitive user attributes that should be hidden from them. This is a controlled-access issue—the attack requires administrative privileges and does not affect regular users or public-facing functionality.