=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN147
_____________________________________________________________________

DATE                : 11/02/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Keycloak versions prior to 26.5.3.

=====================================================================
https://www.keycloak.org/2026/02/keycloak-2653-released
_____________________________________________________________________

Keycloak 26.5.3 released

February 10 2026

To download the release go to Keycloak downloads.


Upgrading

Before upgrading, refer to the migration guide for a complete list of
changes.


All resolved issues

Security fixes

    #46144 CVE-2026-1609 Disabled users can still obtain tokens via
           JWT Authorization Grant

    #46145 CVE-2026-1529 Forged invitation JWT enables
           cross-organization self-registration

    #46146 CVE-2026-1486 Logic Bypass in JWT Authorization Grant
           Allows Authentication via Disabled Identity Providers

    #46147 CVE-2025-14778 Incorrect ownership checks in /uma-policy/


Enhancements

    #45892 Upgrade minikube for CI tests operator

Bugs

    #44379 Node.js admin client does not refresh tokens admin/client-js
    #45459 k8s multiple restart (oomkilled) in v26.5.0-0 during
           startup because of RAM dist/quarkus
    #45662 Increase in startup memory consumption in post 26.5
           versions dist/quarkus
    #45677 Hibernate Validator is enabled by default when not
           used dist/quarkus
    #45708 Unexpected value '' in mixed-cluster-compatibility-tests
           testsuite
    #45745 mixed-cluster-compatibility-tests fail due to
           incorrectly masked content in 26.5 branch ci
    #45755 Broken YAML indentation in operator rolling
           updates doc docs
    #45780 Remove fatal log messages from `ConsistentHash`


 
=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




