{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T11:01:17.710","vulnerabilities":[{"cve":{"id":"CVE-2026-1529","sourceIdentifier":"secalert@redhat.com","published":"2026-02-09T20:15:55.883","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token (JWT) payload. This lack of cryptographic signature verification allows the attacker to successfully self-register into an unauthorized organization, leading to unauthorized access."},{"lang":"es","value":"Se encontró una falla en Keycloak. Un atacante puede explotar esta vulnerabilidad modificando el ID de la organización y el correo electrónico de destino dentro de la carga útil (payload) de un JSON Web Token (JWT) de un token de invitación legítimo. Esta falta de verificación de firma criptográfica permite al atacante registrarse exitosamente en una organización no autorizada, lo que lleva a un acceso no autorizado."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-347"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:2363","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:2364","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:2365","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:2366","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-1529","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433783","source":"secalert@redhat.com"}]}}]}