CVE-2026-2733 - Org.keycloak/keycloak-services: keycloak: missing check on disabled client for do...

CVE ID: CVE-2026-2733
Published: Feb. 19, 2026, 7:48 a.m.
Description: A flaw was identified in the Docker v2 authentication endpoint of Keycloak, where tokens continue to be issued even after a Docker registry client has been administratively disabled. This means that turning the client “Enabled” setting to OFF does not fully prevent access. As a result, previously valid credentials can still be used to obtain authentication tokens. This weakens administrative controls and could allow unintended access to container registry resources.
Severity: 3.8 | LOW

CVE Details

Severity: LOW
Published: Feb. 19, 2026
Affected Product: Docker