Tag
high
advisory
Keycloak UMA Policy Bypass Vulnerability (CVE-2026-4636)
2 rules 3 TTPs 1 CVECVE-2026-4636 describes a vulnerability in Keycloak where an authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation, leading to unauthorized access to victim-owned resources.
keycloak
uma
policy-bypass
privilege-escalation
2r
3t
1c
high
advisory
Heimdall Host Matching Case-Sensitivity Vulnerability
2 rules 1 TTPHeimdall performs case-sensitive host matching, which can lead to policy bypass because HTTP hostnames are case-insensitive, potentially leading to unauthorized access, data modification, or privilege escalation if the request host is part of the rule.
heimdall
defense-evasion
policy-bypass
access-control
2r
1t