CVE-2026-4633
CWE-209 · Published: March 23, 2026 · Updated: March 23, 2026
Official Description
A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to determine the existence of users, leading to information disclosure through user enumeration.
Technical Analysis
Because the differential error message is returned by the unauthenticated, identity-first login step, CVE-2026-4633 can be exploited remotely over the network without physical or adjacent access, which significantly expands the attack surface for threat actors.
The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.
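As an added illustration (not Keycloak's code), the following Python model shows the response pattern CWE-209 describes in an identity-first flow, a hardened variant that returns one uniform response, and a self-check a defender can run against their own handler; the sample directory, messages and handler names are assumptions.

```python
# Added example (not Keycloak code): a minimal model of an identity-first login step
# showing how a differential response leaks user existence (CWE-209) and how a
# uniform response removes the oracle. Directory, messages and names are assumed.
from dataclasses import dataclass

# Constructed sample directory: which users exist and whether their org is enabled.
USERS = {
    "alice@example.org": {"org": "acme", "org_enabled": True},
    "bob@example.org": {"org": "beta", "org_enabled": False},
}

# Server-side audit trail: where the distinction belongs (for detection), not in
# the HTTP response. A list stands in for a real log sink.
AUDIT: list = []


@dataclass(frozen=True)
class Response:
    status: int
    message: str


def _audit_log(username: str, detail: str) -> None:
    AUDIT.append((username, detail))


def identity_first_vulnerable(username: str) -> Response:
    """Vulnerable shape: each branch returns a distinct status/message, so an
    unauthenticated caller can tell unknown users, disabled-org users and
    valid users apart from the response alone."""
    user = USERS.get(username)
    if user is None:
        return Response(400, "Invalid username.")
    if user["org"] is not None and not user["org_enabled"]:
        return Response(400, "Your organization is disabled.")
    return Response(200, "Enter your password.")


def identity_first_hardened(username: str) -> Response:
    """Hardened shape: every branch yields the same status and message. The
    reason is recorded server-side so operators can still detect probing."""
    user = USERS.get(username)
    if user is None:
        _audit_log(username, "unknown user")
    elif user["org"] is not None and not user["org_enabled"]:
        _audit_log(username, "organization disabled")
    else:
        _audit_log(username, "known user")
    return Response(200, "Enter your password.")


def leaks_existence(handler, known: str, unknown: str) -> bool:
    """Self-check for a handler you operate: True if the responses for a known
    and an unknown identifier differ, i.e. the handler is an enumeration oracle."""
    return handler(known) != handler(unknown)
```

A uniform message is necessary but not sufficient: if the existing-user branch does measurably more work (for example a credential lookup the unknown-user branch skips), response timing can reintroduce the same oracle, so the check should be repeated on latency.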
Recommended Actions
- Apply vendor patches immediately
- Monitor CVE-2026-4633 in threat intel feeds
- Review IDS/IPS signatures for exploitation attempts