- What: Keycloak is affected by an improper invitation token validation vulnerability.
- Impact: Versions 26.5.0 to 26.5.3, 26.2.13, and 26.3.0 to 26.4.9 are affected, potentially leading to unauthorized access.
Keycloak affected by improper invitation token validation High severity GitHub Reviewed Published Feb 9, 2026 to the GitHub Advisory Database • Updated Feb 13, 2026 Package org.keycloak:keycloak-services ( Maven ) Affected versions >= 26.5.0, < 26.5.3 < 26.2.13 >= 26.3.0, < 26.4.9 Patched versions 26.5.3 26.2.13 26.4.9 Published by the National Vulnerability Database Feb 9, 2026 Published to the GitHub Advisory Database Feb 9, 2026 Reviewed Feb 10, 2026 Last updated Feb 13, 2026