Severity: MEDIUM (CVSS 6.8) · Ecosystem: Maven

Keycloak: Unauthorized account takeover via WebAuthn token replay

GHSA-w4p5-rfh6-cwrv · CVE-2026-37982


Description

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn (Web Authentication) flow. By intercepting an execute-actions email link, an attacker can register their own authenticator on a victim's account. The result is unauthorized enrollment of a hardware-backed credential, which enables persistent account takeover.
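The property that the replay described above violates is that an execute-actions token must be accepted at most once and only before it expires. The following is an added illustration of that invariant in a generic form; it is not Keycloak's code and does not reproduce Keycloak's action-token implementation or its fix. The `ActionTokenIssuer` class, the token layout (base64url JSON body plus HMAC-SHA256 tag), the field names `sub`, `act`, `exp`, `jti`, and the demo key are all constructed for this example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed demo key; a real deployment loads a managed signing key.
DEMO_SECRET = b"constructed-demo-key-do-not-use"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class ActionTokenIssuer:
    """Issues single-use, expiring action tokens and enforces one consumption each.

    Hypothetical helper for this example: the replay guard is the in-memory
    `consumed` set of token ids (jti); a multi-node deployment would need a
    shared store with an atomic check-and-set instead.
    """

    def __init__(self, secret: bytes, ttl_seconds: int = 900, now=time.time):
        self.secret = secret
        self.ttl = ttl_seconds
        self.now = now
        self.consumed = set()

    def issue(self, user_id: str, actions: list) -> str:
        payload = {
            "sub": user_id,                       # account the actions apply to
            "act": actions,                       # required actions to execute
            "exp": int(self.now()) + self.ttl,    # absolute expiry
            "jti": secrets.token_hex(16),         # unique id used for replay detection
        }
        body = _b64url(json.dumps(payload, sort_keys=True).encode())
        tag = hmac.new(self.secret, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{tag}"

    def consume(self, token: str):
        """Return (True, actions) on the first valid use, (False, reason) otherwise."""
        try:
            body, tag = token.split(".", 1)
        except ValueError:
            return (False, "malformed")
        expected = hmac.new(self.secret, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return (False, "bad-signature")
        payload = json.loads(_unb64url(body))
        if payload["exp"] < self.now():
            return (False, "expired")
        # Single-use check: a token id seen before is a replay, whoever presents it.
        if payload["jti"] in self.consumed:
            return (False, "replayed")
        self.consumed.add(payload["jti"])
        return (True, payload["act"])


def demo() -> dict:
    """Walk through first use, replay, tampering and expiry on constructed input."""
    clock = {"t": 1_000_000}
    issuer = ActionTokenIssuer(DEMO_SECRET, ttl_seconds=60, now=lambda: clock["t"])
    token = issuer.issue("victim-user-id", ["webauthn-register"])
    results = {
        "first_use": issuer.consume(token),
        "replay": issuer.consume(token),             # same link presented again
        "tampered": issuer.consume(token[:-1] + ("0" if token[-1] != "0" else "1")),
    }
    clock["t"] += 120                                  # move past the 60 s TTL
    results["expired"] = issuer.consume(issuer.issue("victim-user-id", ["webauthn-register"]))
    # Note: the fresh token above was issued at the old clock value is not the point;
    # issue() reads the clock at issue time, so we re-issue before advancing to show expiry.
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point to take from the walkthrough is the second call: once a token id has been recorded as consumed, presenting the same link again is rejected regardless of who presents it, which is exactly the guarantee an intercepted execute-actions link must not be able to bypass.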
