{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T12:06:31.448","vulnerabilities":[{"cve":{"id":"CVE-2026-0871","sourceIdentifier":"secalert@redhat.com","published":"2026-02-27T08:17:09.410","lastModified":"2026-03-05T02:03:32.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the \"Only administrators can view\" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the system is configured to restrict such modifications."},{"lang":"es","value":"Se encontró una vulnerabilidad en Keycloak. Un administrador con permiso 'manage-users' puede eludir la configuración 'Solo los administradores pueden ver' para atributos no gestionados, permitiéndoles modificar estos atributos. Este control de acceso inadecuado puede llevar a cambios no autorizados en los perfiles de usuario, incluso cuando el sistema está configurado para restringir dichas modificaciones."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Primary","description":[{"lang":"en","value":"CWE-266"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:*","versionEndExcluding":"26.4.9","matchCriteriaId":"FEA48695-84DD-43C9-A163-38507A9A6582"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:text-only:*:*:*","matchCriteriaId":"1830E455-7E11-4264-862D-05971A42D4A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*","versionEndExcluding":"26.4.0","matchCriteriaId":"1882E42C-6B1E-4E64-A8A9-28FE4DE7768E"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:2365","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2026:2366","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2026-0871","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428881","source":"secalert@redhat.com","tags":["Issue Tracking","Vendor Advisory"]}]}}]}