SCA: security update for org.keycloak:keycloak-services (GHSA-8hcx-p7m8-gc28)

Severity: High | Tenable Self-Hosted Container Security | Plugin ID 444274

Description

Duplicate Advisory: Keycloak has privilege escalation via improper scope mapping enforcement

Solution

Update the org.keycloak:keycloak-services library and its related packages to version 26.6.4 or later.

See Also

https://github.com/advisories/GHSA-8hcx-p7m8-gc28

Plugin Details

Severity: High

ID: 444274

Version: Revision 1.1

Type: Local

Family: SCA Checks

Published: 7/2/2026

Updated: 7/2/2026

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 5/28/2026

Vulnerability Publication Date: 5/28/2026

Reference Information

CWE: CWE-266