Description
A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously valid credentials can still be used to obtain authentication tokens. This weakens administrative controls and could allow unintended access to container registry resources.
Scores
CVSS v3: 3.8
EPSS: 0.0003
EPSS Percentile: 9.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-285
Status: published
Products (8)
org.keycloak/keycloak-services: 0 (Maven)
Red Hat/Red Hat Build of Keycloak
Red Hat/Red Hat build of Keycloak 26.4: 26.4-12
Red Hat/Red Hat build of Keycloak 26.4: 26.4.10-1
Red Hat/Red Hat build of Keycloak 26.4.10
Red Hat/Red Hat JBoss Enterprise Application Platform 8
Red Hat/Red Hat JBoss Enterprise Application Platform Expansion Pack
Red Hat/Red Hat Single Sign-On 7
Published: Feb 19, 2026
Tracked Since: Feb 19, 2026