redhat build-keycloak CVE-2026-3429 vulnerability in Red Hat Products
Published on March 11, 2026

org.keycloak.services.resources.account: Improper access control leading to MFA deletion and account takeover in Keycloak Account REST API
A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for higher-assurance sessions. Specifically, an attacker who has already obtained a victim's password can delete the victim's registered MFA/OTP credential without first proving possession of that factor. The attacker can then register their own MFA device, effectively taking full control of the account. This weakness undermines the intended protection provided by multi-factor authentication.

NVD

Vulnerability Analysis

CVE-2026-3429 can be exploited with network access and requires a small amount of user privileges. This vulnerability is considered to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be low on confidentiality and integrity, with no impact on availability.

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

Timeline

Reported to Red Hat.

Made public.

Weakness Type

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2026-3429 has been classified as an Authorization vulnerability or weakness.


Products Associated with CVE-2026-3429


Affected Versions

Red Hat Build of Keycloak:
Red Hat Build of Keycloak:
Red Hat Build of Keycloak:
Red Hat JBoss Enterprise Application Platform 8:
Red Hat JBoss Enterprise Application Platform Expansion Pack:
Red Hat Single Sign-On 7: