{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T18:36:44.460","vulnerabilities":[{"cve":{"id":"CVE-2026-2366","sourceIdentifier":"secalert@redhat.com","published":"2026-03-12T11:15:55.860","lastModified":"2026-04-02T14:16:27.407","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker knows the victim's unique identifier (UUID) and the Organizations feature is enabled."},{"lang":"es","value":"Se encontró un defecto en Keycloak. Una vulnerabilidad de omisión de autorización en la API de administración de Keycloak permite a cualquier usuario autenticado, incluso a aquellos sin privilegios administrativos, enumerar las membresías de la organización de otros usuarios. Esta revelación de información ocurre si el atacante conoce el identificador único (UUID) de la víctima y la función de Organizaciones está habilitada."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2026:6477","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2026:6478","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2026-2366","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2439081","source":"secalert@redhat.com"}]}}]}