Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit e5cc4753f81d · 2026-04-13T18:37:16.000Z
GHSA-22rm-wp4x-v5cx GHSA-4pgc-gfrr-wcmg
diff --git a/advisories/github-reviewed/2026/03/GHSA-22rm-wp4x-v5cx/GHSA-22rm-wp4x-v5cx.json b/advisories/github-reviewed/2026/03/GHSA-22rm-wp4x-v5cx/GHSA-22rm-wp4x-v5cx.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-22rm-wp4x-v5cx",
-  "modified": "2026-03-27T20:03:17Z",
+  "modified": "2026-04-13T18:35:11Z",
   "published": "2026-03-26T09:30:28Z",
   "aliases": [
     "CVE-2026-4874"
@@ -28,7 +28,7 @@
               "introduced": "0"
             },
             {
-              "last_affected": "26.5.6"
+              "last_affected": "26.6.0"
             }
           ]
         }
diff --git a/advisories/github-reviewed/2026/03/GHSA-4pgc-gfrr-wcmg/GHSA-4pgc-gfrr-wcmg.json b/advisories/github-reviewed/2026/03/GHSA-4pgc-gfrr-wcmg/GHSA-4pgc-gfrr-wcmg.json
@@ -1,12 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-4pgc-gfrr-wcmg",
-  "modified": "2026-03-26T19:25:57Z",
+  "modified": "2026-04-13T18:36:28Z",
   "published": "2026-03-23T09:30:30Z",
   "aliases": [
     "CVE-2026-4628"
   ],
-  "summary": "Keycloak has Improper Access Control allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false",
+  "summary": "Keycloak has Improper Access Control that allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false",
   "details": "A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control checks on PUT operations to the resource_set endpoint. This issue enables unauthorized modification of protected resources, impacting data integrity.",
   "severity": [
     {
@@ -28,7 +28,7 @@
               "introduced": "0"
             },
             {
-              "last_affected": "26.5.6"
+              "last_affected": "26.6.0"
             }
           ]
         }

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-22rm-wp4x-v5cx",`
`4`		`- "modified": "2026-03-27T20:03:17Z",`
	`4`	`+ "modified": "2026-04-13T18:35:11Z",`
`5`	`5`	`"published": "2026-03-26T09:30:28Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2026-4874"`
`@@ -28,7 +28,7 @@`
`28`	`28`	`"introduced": "0"`
`29`	`29`	`},`
`30`	`30`	`{`
`31`		`- "last_affected": "26.5.6"`
	`31`	`+ "last_affected": "26.6.0"`
`32`	`32`	`}`
`33`	`33`	`]`
`34`	`34`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,12 +1,12 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-4pgc-gfrr-wcmg",`
`4`		`- "modified": "2026-03-26T19:25:57Z",`
	`4`	`+ "modified": "2026-04-13T18:36:28Z",`
`5`	`5`	`"published": "2026-03-23T09:30:30Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2026-4628"`
`8`	`8`	`],`
`9`		`- "summary": "Keycloak has Improper Access Control allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false",`
	`9`	`+ "summary": "Keycloak has Improper Access Control that allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false",`
`10`	`10`	`"details": "A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control checks on PUT operations to the resource_set endpoint. This issue enables unauthorized modification of protected resources, impacting data integrity.",`
`11`	`11`	`"severity": [`
`12`	`12`	`{`
`@@ -28,7 +28,7 @@`
`28`	`28`	`"introduced": "0"`
`29`	`29`	`},`
`30`	`30`	`{`
`31`		`- "last_affected": "26.5.6"`
	`31`	`+ "last_affected": "26.6.0"`
`32`	`32`	`}`
`33`	`33`	`]`
`34`	`34`	`}`