Keycloak Single-Use Object Provider Vulnerability Allowing Action Token Replay

Vulnerability

A vulnerability exists in Keycloak's SingleUseObjectProvider, a global key-value store that does not isolate the different types of single-use entries it holds by type or namespace. Because deletions are not scoped to the entry type that created them, an attacker can delete arbitrary single-use entries, which may allow an already consumed action token, such as a password reset link, to be replayed. Successful exploitation could lead to unauthorized access or account compromise.
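
To make the shape of the flaw concrete, the following model (written for this page; it is not Keycloak source and calls no Keycloak API) places a single-use store with one shared key space beside a type-namespaced one. Every class, function, key and type-tag name is an assumption chosen to mirror the advisory's wording. The second feature whose delete is reachable with a request-supplied identifier is hypothetical: the advisory states that arbitrary entries can be deleted, not which path exposes it. The fail-closed variant at the end is the editor's design suggestion, not the project's fix.

```python
"""Model of a shared single-use store without namespace isolation, a
namespaced variant, and a fail-closed redemption design.

Added example, not Keycloak code. All names and the deletion path used by
the hypothetical second feature are assumptions.
"""
import secrets
import time


class FlatSingleUseStore:
    """One global key space shared by every kind of single-use object."""

    def __init__(self):
        self._entries = {}  # key -> (value, expiry on the monotonic clock)

    def put_if_absent(self, key, value, lifespan_s):
        """Insert only if no live entry exists; True means inserted."""
        if self.contains(key):
            return False
        self._entries[key] = (value, time.monotonic() + lifespan_s)
        return True

    def contains(self, key):
        item = self._entries.get(key)
        if item is None:
            return False
        if item[1] <= time.monotonic():  # expired: drop lazily
            del self._entries[key]
            return False
        return True

    def remove(self, key):
        """Delete whatever lives under `key`, whoever wrote it."""
        return self._entries.pop(key, None) is not None


class NamespacedSingleUseStore:
    """Prefixes every key with its object type, so a remove() issued on
    behalf of one feature cannot reach another feature's entries."""

    def __init__(self):
        self._inner = FlatSingleUseStore()

    @staticmethod
    def _tag(obj_type, key):
        return f"{obj_type}:{key}"

    def put_if_absent(self, obj_type, key, value, lifespan_s):
        return self._inner.put_if_absent(self._tag(obj_type, key), value, lifespan_s)

    def contains(self, obj_type, key):
        return self._inner.contains(self._tag(obj_type, key))

    def remove(self, obj_type, key):
        return self._inner.remove(self._tag(obj_type, key))


# Hypothetical type tags for the two tenants of the store.
ACTION_TOKEN = "action-token"
PENDING_OP = "pending-op"
TOKEN_LIFESPAN_S = 300


def replay_on_flat_store(token_id):
    """Reset-link redemption marks the token consumed by writing its id.
    Returns (first, second, after_delete); True means the link was accepted."""
    store = FlatSingleUseStore()
    first = store.put_if_absent(token_id, "consumed", TOKEN_LIFESPAN_S)
    second = store.put_if_absent(token_id, "consumed", TOKEN_LIFESPAN_S)
    # Hypothetical second feature cleans up a pending operation using an
    # identifier from the request. With one shared key space, an attacker
    # holding the already-redeemed token id deletes the "consumed" marker.
    store.remove(token_id)
    after_delete = store.put_if_absent(token_id, "consumed", TOKEN_LIFESPAN_S)
    return first, second, after_delete  # (True, False, True): replay succeeds


def replay_on_namespaced_store(token_id):
    """Same sequence with type-scoped keys: the cleanup path can only remove
    PENDING_OP entries, so the consumed marker survives."""
    store = NamespacedSingleUseStore()
    first = store.put_if_absent(ACTION_TOKEN, token_id, "consumed", TOKEN_LIFESPAN_S)
    second = store.put_if_absent(ACTION_TOKEN, token_id, "consumed", TOKEN_LIFESPAN_S)
    store.remove(PENDING_OP, token_id)  # the attacker's request, now scoped
    after_delete = store.put_if_absent(ACTION_TOKEN, token_id, "consumed", TOKEN_LIFESPAN_S)
    return first, second, after_delete  # (True, False, False)


def redeem_fail_closed(token_id):
    """Editor's suggestion: record the token at issuance and consume it by
    removal, so remove() returns True exactly once. Even on the unscoped
    store an unexpected deletion can only invalidate a token, never revive it."""
    store = FlatSingleUseStore()
    store.put_if_absent(token_id, "issued", TOKEN_LIFESPAN_S)
    first = store.remove(token_id)    # legitimate redemption
    second = store.remove(token_id)   # already gone
    store.remove(token_id)            # attacker's delete: nothing to revive
    after_delete = store.remove(token_id)
    return first, second, after_delete  # (True, False, False)


if __name__ == "__main__":
    tid = secrets.token_urlsafe(16)  # constructed: the id from a reset link
    print("flat store:      ", replay_on_flat_store(tid))
    print("namespaced store:", replay_on_namespaced_store(tid))
    print("fail-closed:     ", redeem_fail_closed(tid))
```

Two checks follow from the model. When reviewing any store shared by several features, ask whether its remove() is reachable with a key the caller does not own; type-prefixed keys close that path mechanically. Independently, prefer single-use state whose deletion fails closed (the token must be present to redeem) over a "consumed" marker whose absence grants access, because the latter turns every stray delete into a replay.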

Impact

By replaying a consumed action token such as a password reset link, an attacker could complete the action it authorizes without the holder's involvement, leading to unauthorized access or account compromise.

Added: Apr 2, 2026, 1:23 PM
Updated: Apr 2, 2026, 1:23 PM

Vulnerability Rating

Custom Algorithm
spread: 5.2
impact: 5.0
exploitability: 6.0
remediation: 0.0
relevance: 5.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.