CVE-2026-9795 in Keycloakinformation

Résumé

par MITRE • 28/05/2026

A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security controls, allowing the injected role to be projected into a user's authentication token when they access the modified client. This could lead to unauthorized privilege escalation within the Keycloak realm.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Redhat

Réserver

28/05/2026

Divulgation

28/05/2026

Modérer

accepté

Entrée

VDB-366570

CPE

prêt

CWE

CWE-266 (confirmé)

CVSS

7.3 (CNA)

EPSS

0.00034

KEV

non

Activités

très faible

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-9795
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-9795
CVE Details	https://www.cvedetails.com/cve/CVE-2026-9795/

◂ Précédent Aperçu Suivant ▸

Do you need the next level of professionalism?

Upgrade your account now!