CVE-2026-9795 in Keycloakinformação

Sumário

de MITRE • 28/05/2026

A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security controls, allowing the injected role to be projected into a user's authentication token when they access the modified client. This could lead to unauthorized privilege escalation within the Keycloak realm.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

Redhat

Reservar

28/05/2026

Divulgação

28/05/2026

Moderação

aceite

Entrada

VDB-366570

CPE

pronto

CWE

CWE-266 (confirmado)

CVSS

7.3 (CNA)

EPSS

0.00034

KEV

não

Atividades

muito baixo

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-9795
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-9795
CVE Details	https://www.cvedetails.com/cve/CVE-2026-9795/

◂ Voltar Visão Geral Próximo ▸

Interested in the pricing of exploits?

See the underground prices here!