Tag
A high-severity vulnerability (CVE-2026-54641) in OpenRemote's `UserResourceImpl.java` allows a realm administrator in a multi-tenant deployment to perform cross-realm user enumeration and privilege-level reconnaissance by reading sensitive user information (profile, client roles, and realm roles) from any other realm, including the master realm, due to missing authorization checks in specific REST API endpoints.