CVE-2026-4282
A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnera
CVSS
7.4
High
EPSS
0.4%
p34
KEV
—
Exploit Today
10
0-100
Published: Apr 2, 2026 · Last modified: Jul 15, 2026 · CWE-653
0.4%EPSS · 30 days0.4%
2026-06-302026-07-19
A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens, resulting in privilege escalation.
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:6475
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:6476
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:6477
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:6478
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-4282
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2448061
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:6475
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:6476
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:6477
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:6478
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2026-4282
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2448061
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-4282.json
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-247819.8 CRI64.3%
——19vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.0.5dCVE-2026-4399710.0 CRI58.2%
——17vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Object. There are various ways to use the host Object, to escape the sandbox, one example would be using HostObject.getOwnPropertySymbols to obtain Symbol(nodejs.util.inspect.custom). This vulnerability is fixed in 3.11.0.5dCVE-2026-269569.8 CRI56.3%
——17vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run() obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5.5dCVE-2026-4400510.0 CRI53.8%
——16vm2 is an open source vm/sandbox for Node.js. From 3.9.6 to 3.10.5, vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with otherReflectSet() and otherReflectDefineProperty(), which lets attacker-controlled JavaScript running in a default VM or inherited NodeVM mutate shared host Object.prototype, Array.prototype, and Function.prototype from inside the sandbox This vulnerability is fixed in 3.11.0.5dCVE-2026-440099.8 CRI52.9%
——16vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.2.5dCVE-2026-263329.8 CRI49.4%
——15vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue has been patched in version 3.11.0.5d