CVE-2026-1609 - Org.keycloak/keycloak-quarkus-server: keycloak: unauthorized access via jwt authorization grant with disabled users
CVE ID :CVE-2026-1609 Published : July 16, 2026, 1:16 a.m. | 1 hour, 18 minutes ago Description :A flaw was found in Keycloak. When the JSON Web Token (JWT) authorization grant preview feature is enabled and a user account is disabled, Keycloak fails to validate the user’s disabled status...