By weakness (CWE)

CWE-280: related vulnerabilities

CVEs classified under CWE-280. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

1 published vulnerability

  • CVE-2026-9792MEDIUM 6.5

    Keycloak's Client Policies feature contains a bypass that weakens its security controls. When administrators configure policies to block the Resource Owner Password Credentials (ROPC) grant flow—a less secure authentication method—the system fails to enforce this restriction under certain conditions. An attacker can exploit this to obtain authentication tokens without proper authorization, potentially accessing sensitive data or impersonating legitimate users. The vulnerability affects how Keycloak validates policy conditions when client type, roles, attributes, or scopes are involved.