By weakness (CWE)

CWE-305: related vulnerabilities

CVEs classified under CWE-305. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

1 published vulnerability

  • CVE-2026-9798MEDIUM 4.3

    Keycloak's account lockout feature, which temporarily disables accounts after repeated failed login attempts, can be bypassed when an attacker possesses valid client credentials. By using the Client-Initiated Backchannel Authentication (CIBA) flow—a legitimate OAuth 2.0 feature—attackers can circumvent the lockout and continue attempting to authenticate or obtain tokens. This undermines brute-force protection and creates a secondary path for unauthorized access once the attacker has obtained initial client credentials.