{}

{}

{}

{"acknowledgement": "Red Hat would like to thank Pelissier, Sylvain (SICPA) for reporting this issue.", "bugzilla": {"description": "keycloak: keycloak: acceptable AAGUID policy bypass via packed self-attestation in WebAuthn registration", "id": "2460004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460004"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-287", "details": ["No description is available for this CVE."], "name": "CVE-2026-6856", "package_state": [{"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Fix deferred", "package_name": "keycloak-services", "product_name": "Red Hat Build of Keycloak"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Fix deferred", "package_name": "keycloak-services", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Fix deferred", "package_name": "keycloak-services", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Fix deferred", "package_name": "keycloak-services", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Fix deferred", "package_name": "keycloak-services", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2026-04-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-6856\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-6856"], "threat_severity": "Low"}