CVSS Score
-
Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.keycloak:keycloak-quarkus-server | maven | >= 25.0.0, < 26.0.6 | 26.0.6 |
The vulnerability stemmed from incorrect configuration checks for mTLS encryption of JGroups replication traffic. The first vulnerable version of the check read CACHE_REMOTE_TLS_ENABLED instead of the embedded-specific property (commit 071032a). Later analysis revealed a deeper issue: the configuration system required the check to use Option enums rather than string property names (commit 36defd5). Both affected versions of CacheManagerFactory.java therefore failed to activate mTLS encryption when KC_CACHE_EMBEDDED_MTLS_ENABLED was set, leaving replication traffic between cluster nodes unencrypted. The high confidence rating comes from direct evidence in the commit diffs and from the GHSA documentation linking these code changes to the resolution of the vulnerability.