CVE-2026-37982
MEDIUMDescription
A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay `ExecuteActionsActionToken` tokens within Keycloak's WebAuthn (Web Authentication) flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's account. This leads to unauthorized enrollment of a hardware-backed credential, enabling persistent account takeover.
Is your site exposed to CVE-2026-37982?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2026-37982? +
How severe is CVE-2026-37982? +
How do I check if I'm vulnerable to CVE-2026-37982? +
Related Vulnerabilities
Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a …
A weakness identified in OpenText Advanced Authentication where a Malicious browser plugin can record and replay the user authentication process …
Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the …
SMB forced authentication vulnerability in versions prior to 2025.35.000 of Sage 200 Spain. This vulnerability allows an authenticated attacker with …
Use of fixed learning codes, one code to lock the car and the other code to unlock it, the Key …
"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie …