CVE-2026-1529

HIGH

Org.keycloak Keycloak-services - Signature Verification Bypass

Title source: rule

Description

A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token (JWT) payload. This lack of cryptographic signature verification allows the attacker to successfully self-register into an unauthorized organization, leading to unauthorized access.

Exploits (3)

nomisec WORKING POC 3 stars

by ninjazan420 · poc

https://github.com/ninjazan420/CVE-2026-1529-PoC-keycloak-unauthorized-registration-via-improper-invitation-token-validation

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by 0x240x23elu · poc

https://github.com/0x240x23elu/CVE-2026-1529

View Code ZIP pw:eip

nomisec WORKING POC

by ackemed · poc

https://github.com/ackemed/CVE-2026-1529-PoC-keycloak-unauthorized-registration-via-improper-invitation-token-validation

View Code ZIP pw:eip

References (6)

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:2363

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:2364

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:2365

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:2366

[Vendor Advisory] https://access.redhat.com/security/cve/CVE-2026-1529

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=2433783

Scores

CVSS v3 8.1

EPSS 0.0001

EPSS Percentile 1.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-347

Status published

Products (8)

org.keycloak/keycloak-services 26.5.0 - 26.5.3Maven

Red Hat/Red Hat build of Keycloak 26.2 26.2.13-1

Red Hat/Red Hat build of Keycloak 26.2 26.2-15

Red Hat/Red Hat build of Keycloak 26.2.13

Red Hat/Red Hat build of Keycloak 26.4 26.4-10

Red Hat/Red Hat build of Keycloak 26.4 26.4-11

Red Hat/Red Hat build of Keycloak 26.4 26.4.9-1

Red Hat/Red Hat build of Keycloak 26.4.9

Published Feb 09, 2026

Tracked Since Feb 18, 2026