RHSA-2026:30050
Vulnerability from csaf_redhat - Published: 2026-06-25 17:40 - Updated: 2026-06-26 06:46

A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter of a refresh-token request. The flaw is reachable when a client's `backchannel.logout.url` uses the `application.session.host` placeholder, which Keycloak fills in from that request parameter before issuing the backchannel logout call. Successful exploitation lets the attacker make HTTP requests from the Keycloak server's network context, probing internal networks or internal APIs and disclosing information.
CWE-918 - Server-Side Request Forgery (SSRF)

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64 | — | | Vendor Fix; Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64 | — | | Vendor Fix; Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le | — | | Vendor Fix; Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64 | — | | Vendor Fix; Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x | — | | Vendor Fix; Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64 | — | | Vendor Fix; Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le | — | | Vendor Fix; Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64 | — | | Vendor Fix; Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x | — | | Vendor Fix; Workaround |
A flaw was found in eclipse-vertx/vert.x. A remote attacker can exploit this vulnerability by performing a Transport Layer Security (TLS) handshake and presenting a server name extension with a server wildcard name. This can lead to a denial of service (DoS) condition, impacting the availability of the affected system.
Affected products and remediation: the same nine RHBK 26.4 container images listed in the first product table above (Vendor Fix; Workaround).
When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is only partially disabled. Five endpoints under the versioned path `/account/v1alpha1` remain fully functional, for both read and write operations, because they lack the `checkAccountApiEnabled()` gate that correctly blocks four other endpoints in the same REST service class. The caller still needs a token that is authorized to use the Account API.
Affected products and remediation: the same nine RHBK 26.4 container images listed in the first product table above (Vendor Fix; Workaround).
A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction() fails to validate that the newly created credential's parameters, such as public key algorithms, match the realm's configured WebAuthn policies. This could lead to the creation of credentials that do not adhere to administrative security requirements, potentially weakening the overall security posture of the system by allowing non-compliant authentication methods.
Affected products and remediation: the same nine RHBK 26.4 container images listed in the first product table above (Vendor Fix; Workaround).
A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies are configured, Keycloak's OpenID Connect (OIDC) Introspection feature fails to properly honor the realm-level policy. This allows tokens that should have been revoked to remain active, potentially leading to unauthorized access or continued session validity. This could impact the security of systems utilizing Keycloak for identity and access management.
Affected products and remediation: the same nine RHBK 26.4 container images listed in the first product table above (Vendor Fix; Workaround).
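The introspection flaw above is a policy-combination bug, so the following added example (not Keycloak's implementation) models the check an introspection endpoint must apply. It assumes, as Keycloak's documentation describes, that a `notBefore` epoch timestamp can be pushed for the whole realm, for an individual client and for an individual user, and that a token whose `iat` is earlier than any applicable value must be reported inactive. `introspect_buggy` reproduces the failure mode described above, where a client-level value masks the realm-level one; `introspect_fixed` takes the strictest of all applicable values. The policy values and token claims are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict


@dataclass
class RevocationPolicy:
    realm_not_before: int = 0                                         # realm-wide "push not-before"
    client_not_before: Dict[str, int] = field(default_factory=dict)  # keyed by clientId
    user_not_before: Dict[str, int] = field(default_factory=dict)    # keyed by user id


def effective_not_before(policy: RevocationPolicy, client_id: str, user_id: str) -> int:
    """A token must satisfy every applicable policy, so the latest value wins."""
    return max(policy.realm_not_before,
               policy.client_not_before.get(client_id, 0),
               policy.user_not_before.get(user_id, 0))


def introspect_buggy(token: dict, policy: RevocationPolicy, now: int) -> dict:
    """Failure mode described above: when the client has its own notBefore,
    only that value is consulted and the realm-level one is ignored."""
    if token["exp"] <= now:
        return {"active": False}
    client_nb = policy.client_not_before.get(token["azp"])
    not_before = client_nb if client_nb is not None else policy.realm_not_before
    return {"active": token["iat"] >= not_before}


def introspect_fixed(token: dict, policy: RevocationPolicy, now: int) -> dict:
    """Every applicable notBefore is honoured."""
    if token["exp"] <= now:
        return {"active": False}
    limit = effective_not_before(policy, token["azp"], token["sub"])
    return {"active": token["iat"] >= limit}


# Constructed scenario: client "web" received a notBefore at T after a key
# rotation; at T+600 the realm admin pushed a realm-wide notBefore during an
# incident. A token the client issued at T+300 must now be dead.
T = 1_700_000_000
POLICY = RevocationPolicy(realm_not_before=T + 600, client_not_before={"web": T})
STALE_TOKEN = {"sub": "alice", "azp": "web", "iat": T + 300, "exp": T + 3600}
FRESH_TOKEN = {"sub": "alice", "azp": "web", "iat": T + 900, "exp": T + 4500}
NOW = T + 1000

if __name__ == "__main__":
    print("buggy:", introspect_buggy(STALE_TOKEN, POLICY, NOW))  # active: True (wrong)
    print("fixed:", introspect_fixed(STALE_TOKEN, POLICY, NOW))  # active: False
```

The same rule applies to any other consumer of revocation state (the userinfo endpoint, resource servers that cache introspection results): combine the levels with `max`, never pick the most specific one.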
A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining which files exist and are readable by the Keycloak process. This information disclosure could be used to identify high-value targets for follow-on attacks.
Affected products and remediation: the same nine RHBK 26.4 container images listed in the first product table above (Vendor Fix; Workaround).
A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically the `manage-client` permission or access to the client registration endpoints, could bypass client Uniform Resource Identifier (URI) validation. This is achieved by registering a malicious client with a specially crafted redirect URI whose `javascript:` or `data:` scheme is written in a letter case the validator does not match. This Cross-Site Scripting (XSS) vulnerability allows arbitrary script execution in the Keycloak origin when a victim follows the crafted link, for example in the logout flow or the Admin Console.
Affected products and remediation: the same nine RHBK 26.4 container images listed in the first product table above (Vendor Fix; Workaround).
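Both the SSRF entry at the top of this advisory and the redirect-URI XSS entry above are configuration-reachable, so an administrator can look for the preconditions in an export of the realm's clients. The following added example (not Keycloak code) does that over the JSON array returned by `GET /admin/realms/{realm}/clients`. It assumes the backchannel logout URL lives in the client attribute `backchannel.logout.url` and that post-logout redirect URIs are stored `##`-separated under `post.logout.redirect.uris`; the scheme check goes a little beyond the entry by also catching `vbscript:` and by stripping the whitespace and control characters browsers ignore in front of a scheme. The client list is constructed.

```python
import re
from typing import List, Optional, Tuple

# Keycloak keeps the backchannel logout URL in the client's attributes map under
# this key; the placeholder is the one named in the SSRF entry above.
BACKCHANNEL_ATTR = "backchannel.logout.url"
SESSION_HOST_PLACEHOLDER = "${application.session.host}"
# Post-logout redirect URIs are one "##"-separated attribute value
# (assumption about the export format; adjust if yours differs).
POST_LOGOUT_ATTR = "post.logout.redirect.uris"

DANGEROUS_SCHEMES = {"javascript", "data", "vbscript"}
_SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.-]*):", re.IGNORECASE)


def uri_scheme(uri: str) -> Optional[str]:
    """Lower-cased scheme of uri, or None for relative URIs.

    Browsers skip ASCII control characters and whitespace while parsing a
    scheme, so they are removed first: "java<TAB>script:" and " JavaScript:"
    are both recognised as javascript.
    """
    cleaned = "".join(ch for ch in uri if ord(ch) > 0x20)
    match = _SCHEME_RE.match(cleaned)
    return match.group(1).lower() if match else None


def is_dangerous_uri(uri: str) -> bool:
    return uri_scheme(uri) in DANGEROUS_SCHEMES


def audit_clients(clients: List[dict]) -> List[Tuple[str, str, str]]:
    """Return (clientId, finding, offending value) for every risky setting."""
    findings = []
    for client in clients:
        cid = client.get("clientId", "?")
        attrs = client.get("attributes") or {}
        backchannel = attrs.get(BACKCHANNEL_ATTR, "")
        if SESSION_HOST_PLACEHOLDER in backchannel:
            findings.append((cid, "backchannel-url-uses-session-host", backchannel))
        for uri in client.get("redirectUris") or []:
            if is_dangerous_uri(uri):
                findings.append((cid, "dangerous-redirect-uri", uri))
        for uri in filter(None, attrs.get(POST_LOGOUT_ATTR, "").split("##")):
            if is_dangerous_uri(uri):
                findings.append((cid, "dangerous-post-logout-uri", uri))
    return findings


# Constructed sample shaped like the JSON array returned by
# GET /admin/realms/{realm}/clients (only the fields the audit reads).
SAMPLE_CLIENTS = [
    {"clientId": "payments",
     "redirectUris": ["https://pay.example.test/*"],
     "attributes": {BACKCHANNEL_ATTR: "https://${application.session.host}/logout"}},
    {"clientId": "legacy-portal",
     "redirectUris": ["https://portal.example.test/cb",
                      " JavaScript:alert(document.domain)"],
     "attributes": {POST_LOGOUT_ATTR:
                    "https://portal.example.test/##DATA:text/html,<script>1</script>"}},
    {"clientId": "account-console",
     "redirectUris": ["/realms/demo/account/*"],
     "attributes": {}},
]

if __name__ == "__main__":
    for cid, finding, value in audit_clients(SAMPLE_CLIENTS):
        print(f"{cid}: {finding}: {value!r}")
```

A `backchannel-url-uses-session-host` finding is not itself a misconfiguration (the placeholder exists for multi-host deployments), but it marks the clients through which the SSRF is reachable until the fix is deployed.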
A flaw was found in Keycloak's identity brokering. The cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity that was actually verified, so a second upstream account on the same identity provider can consume the proof and be linked to the victim's local account.
Affected products and remediation: the same nine RHBK 26.4 container images listed in the first product table above (Vendor Fix; Workaround).
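The account-linking flaw above is an instance of a general mistake: a proof of verification that omits part of the context it was verified in. The added example below (not Keycloak code; Keycloak's own proof format is not shown on this page) models a proof as an HMAC over the tuple it vouches for. With `bind_upstream=False` the MAC covers only the local user and the IdP alias, and a proof obtained for one upstream account validates for any other account at that IdP; with `bind_upstream=True` the verified upstream subject is part of the MAC input and the substitution fails. The key, identifiers and TTL are constructed.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed server-side key; a deployment would load it from its secret store.
SERVER_KEY = secrets.token_bytes(32)
PROOF_TTL_SECONDS = 300


def _mac(fields: list) -> str:
    # JSON-encode the list so no delimiter inside a field can shift boundaries.
    return hmac.new(SERVER_KEY, json.dumps(fields).encode(), hashlib.sha256).hexdigest()


def _fields(user_id, idp_alias, upstream_subject, bind_upstream, nonce, issued):
    fields = [user_id, idp_alias]
    if bind_upstream:
        fields.append(upstream_subject)   # the identity that was actually verified
    return fields + [nonce, issued]


def issue_proof(user_id, idp_alias, upstream_subject, bind_upstream, now=None) -> dict:
    """Proof that upstream_subject at idp_alias was verified for user_id.
    bind_upstream=False reproduces the (userId, idpAlias)-only keying described above."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    mac = _mac(_fields(user_id, idp_alias, upstream_subject, bind_upstream, nonce, issued))
    return {"user": user_id, "idp": idp_alias, "nonce": nonce, "issued": issued, "mac": mac}


def consume_proof(proof, user_id, idp_alias, upstream_subject, bind_upstream, now=None) -> bool:
    """Accept the proof only for the tuple it was issued for, and only within its TTL."""
    now = int(time.time() if now is None else now)
    if now - proof["issued"] > PROOF_TTL_SECONDS:
        return False
    expected = _mac(_fields(user_id, idp_alias, upstream_subject, bind_upstream,
                            proof["nonce"], proof["issued"]))
    return hmac.compare_digest(proof["mac"], expected)


if __name__ == "__main__":
    weak = issue_proof("local-42", "corp-idp", "victim@corp", bind_upstream=False)
    strong = issue_proof("local-42", "corp-idp", "victim@corp", bind_upstream=True)
    print("unbound proof accepted for attacker:",
          consume_proof(weak, "local-42", "corp-idp", "attacker@corp", bind_upstream=False))
    print("bound proof accepted for attacker:",
          consume_proof(strong, "local-42", "corp-idp", "attacker@corp", bind_upstream=True))
```

A production version would additionally record consumed nonces so a proof is single-use; the binding shown here is what prevents the cross-account substitution.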
A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied, leading to information disclosure.
CWE-1220 - Insufficient Granularity of Access Control

Affected products and remediation: the same nine RHBK 26.4 container images listed in the first product table above (Vendor Fix; Workaround).
A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint of the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 (FGAPv2) is enabled, an attacker with management rights over a single low-privilege group can reparent a highly privileged group (such as one holding the realm-admin role) under their managed group. Because group permissions are hierarchical, this grants the attacker management and password-reset capabilities over the members of the targeted privileged group. An attacker can exploit this to reset an administrator's password, compromise the account, and achieve a full realm takeover, leading to a complete compromise of confidentiality, integrity, and availability.
Affected products and remediation: the same nine RHBK 26.4 container images listed in the first product table above (Vendor Fix; Workaround).
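Reparenting leaves a trace in the group tree itself, which makes the addChild() flaw above straightforward to hunt for after the fact. The added example below (not Keycloak code) works on a `GroupRepresentation` tree with nested `subGroups`, `realmRoles` and `clientRoles`, as an admin can assemble from `GET /admin/realms/{realm}/groups` and its children endpoints. `find_nested_privileged` lists groups that carry realm-administration roles yet sit under a parent, which is exactly the layout the attack produces; `moved_groups` compares two snapshots and reports groups whose parent changed. The set of roles treated as privileged and both snapshots are constructed for the example.

```python
from typing import Dict, Iterator, List, Optional, Tuple

# Roles whose holders can administer the realm. realm-management is the
# per-realm admin client; "admin" is the master-realm super role.
PRIVILEGED_CLIENT_ROLES = {
    "realm-management": {"realm-admin", "manage-realm", "manage-users",
                         "manage-clients", "manage-authorization", "impersonation"},
}
PRIVILEGED_REALM_ROLES = {"admin"}


def walk(groups: List[dict], parent: Optional[dict] = None) -> Iterator[Tuple[dict, Optional[dict]]]:
    """Depth-first walk over a GroupRepresentation tree, yielding (group, parent)."""
    for group in groups:
        yield group, parent
        yield from walk(group.get("subGroups") or [], group)


def privileged_roles(group: dict) -> set:
    found = {f"realm:{r}" for r in group.get("realmRoles") or [] if r in PRIVILEGED_REALM_ROLES}
    for client, roles in (group.get("clientRoles") or {}).items():
        found.update(f"{client}:{r}" for r in roles if r in PRIVILEGED_CLIENT_ROLES.get(client, ()))
    return found


def find_nested_privileged(tree: List[dict]) -> List[dict]:
    """Privileged groups that have a parent: whoever manages the parent manages them too."""
    out = []
    for group, parent in walk(tree):
        roles = privileged_roles(group)
        if roles and parent is not None:
            out.append({"path": group["path"], "parent": parent["path"], "roles": sorted(roles)})
    return out


def parent_map(tree: List[dict]) -> Dict[str, Optional[str]]:
    return {g["id"]: (p["id"] if p else None) for g, p in walk(tree)}


def moved_groups(before: List[dict], after: List[dict]) -> List[str]:
    """Ids of groups whose parent differs between two snapshots of the tree."""
    b, a = parent_map(before), parent_map(after)
    return sorted(gid for gid in a if gid in b and a[gid] != b[gid])


# Constructed snapshots. _g builds a minimal GroupRepresentation.
def _g(gid, path, client_roles=None, sub=None):
    return {"id": gid, "name": path.rsplit("/", 1)[-1], "path": path,
            "realmRoles": [], "clientRoles": client_roles or {}, "subGroups": sub or []}


REALM_ADMINS = _g("g-realm-admins", "/realm-admins", {"realm-management": ["realm-admin"]})
HELPDESK = _g("g-helpdesk", "/helpdesk", {"realm-management": ["view-users"]})

# Before: realm-admins is a top-level group nobody but full admins manage.
BEFORE = [
    _g("g-ops", "/ops", sub=[_g("g-contractors", "/ops/contractors")]),
    HELPDESK,
    REALM_ADMINS,
]
# After: a limited admin of /ops/contractors reparented realm-admins under it.
AFTER = [
    _g("g-ops", "/ops", sub=[_g("g-contractors", "/ops/contractors", sub=[
        dict(REALM_ADMINS, path="/ops/contractors/realm-admins")])]),
    HELPDESK,
]

if __name__ == "__main__":
    print("nested privileged groups:", find_nested_privileged(AFTER))
    print("moved since last snapshot:", moved_groups(BEFORE, AFTER))
```

Run the snapshot comparison from a scheduled job and alert on any non-empty result; a legitimately restructured admin group is rare enough that a human should confirm every move.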
A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client credentials. This allows the user to gain the permissions of the client's service account, leading to privilege escalation.
Affected products and remediation: the same nine RHBK 26.4 container images listed in the first product table above (Vendor Fix; Workaround).
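The oversized `subject_token` flaw above is a fail-open pattern: an input that exceeds a limit is treated as absent instead of as invalid, and the absent case has a more privileged default. The added example below (not Keycloak code) models a token-exchange handler around that behaviour. `parse_form` applies a per-parameter cap of 4000 characters, the figure given above; `token_exchange(..., fixed=False)` reproduces the fallback to the client's service account, while `fixed=True` rejects the request with `invalid_request`. The client, service account and the unsigned test JWTs are constructed, and no signature verification is modelled.

```python
import base64
import json
from typing import Dict, List, Tuple

MAX_PARAM_LEN = 4000          # cap named in the entry above
TOKEN_EXCHANGE = "urn:ietf:params:oauth:grant-type:token-exchange"

# Constructed: the requesting client and the service account it owns.
SERVICE_ACCOUNTS = {
    "automation-cli": {"sub": "service-account-automation-cli", "roles": ["manage-users"]},
}


class TokenError(Exception):
    def __init__(self, error: str, description: str):
        super().__init__(f"{error}: {description}")
        self.error = error


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_jwt(claims: dict) -> str:
    """Constructed test token (alg=none, empty signature). A real endpoint
    verifies the signature; this model only reads the claims."""
    header = _b64url(json.dumps({"alg": "none"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."


def claims_of(jwt: str) -> dict:
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def parse_form(form: Dict[str, str]) -> Tuple[Dict[str, str], List[str]]:
    """Apply the per-parameter length cap; return kept params and the names dropped."""
    kept, dropped = {}, []
    for name, value in form.items():
        if len(value) <= MAX_PARAM_LEN:
            kept[name] = value
        else:
            dropped.append(name)
    return kept, dropped


def token_exchange(form: Dict[str, str], fixed: bool) -> dict:
    """fixed=False reproduces the fallback described above; fixed=True fails closed."""
    params, dropped = parse_form(form)
    if fixed and dropped:
        # An over-long parameter is a malformed request, not an absent parameter.
        raise TokenError("invalid_request", "parameter too long: " + ", ".join(dropped))
    if params.get("grant_type") != TOKEN_EXCHANGE:
        raise TokenError("unsupported_grant_type", str(params.get("grant_type")))
    client = SERVICE_ACCOUNTS[params["client_id"]]   # client authentication is out of scope here
    subject = params.get("subject_token")
    if subject is None:
        if fixed:
            raise TokenError("invalid_request", "subject_token is required")
        # Vulnerable path: no subject survived parsing, so the exchange silently
        # becomes a client_credentials grant for the service account.
        return {"sub": client["sub"], "roles": list(client["roles"])}
    claims = claims_of(subject)
    return {"sub": claims["sub"], "roles": list(claims.get("roles", []))}


# Constructed requests: a normal low-privilege subject token and one padded
# past the cap with a junk claim.
LOW_PRIV = make_unsigned_jwt({"sub": "alice", "roles": ["user"]})
BLOATED = make_unsigned_jwt({"sub": "alice", "roles": ["user"], "pad": "A" * MAX_PARAM_LEN})


def request_with(subject_token: str) -> Dict[str, str]:
    return {"grant_type": TOKEN_EXCHANGE, "client_id": "automation-cli",
            "subject_token": subject_token}


if __name__ == "__main__":
    print(token_exchange(request_with(LOW_PRIV), fixed=False))   # alice / user
    print(token_exchange(request_with(BLOATED), fixed=False))    # service account / manage-users
    try:
        token_exchange(request_with(BLOATED), fixed=True)
    except TokenError as err:
        print("fixed:", err)
```

The general rule the fix follows: when a request names a parameter, any reason you cannot use it (too long, malformed, unverifiable) must end the request, never change which code path handles it.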
A flaw was found in Keycloak's client registration service. A remote attacker, possessing a previously issued Registration Access Token (RAT), could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker to reset the client's secret and potentially regain privileged API access. The primary impact includes unauthorized information disclosure and potential integrity compromise.
Affected products and remediation: the same nine RHBK 26.4 container images listed in the first product table above (Vendor Fix; Workaround).
A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect (OIDC) token with the 'organization' scope. This allows organization metadata to be disclosed in tokens, even after an administrator has explicitly disabled the Organizations feature, potentially leading to incorrect authorization decisions by resource servers.
Affected products and remediation: the same nine RHBK 26.4 container images listed in the first product table above (Vendor Fix; Workaround).
A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol.oidc` component. When certain condition providers (client-type, client-roles, client-attributes, client-scopes) are used to enforce security restrictions, the `reject-ropc-grant` executor is silently bypassed. This allows an unauthenticated remote attacker to obtain tokens via a Resource Owner Password Credentials (ROPC) grant, even when a policy is explicitly configured to block it. This bypass can lead to unauthorized access and information disclosure.
Affected products and remediation: the same nine RHBK 26.4 container images listed in the first product table above (Vendor Fix; Workaround).
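Two checks follow for the Client Policies bypass above, as an added example that is not Keycloak code. `ropc_policies_at_risk` scans the `clientPolicies` section of a realm export for enabled policies that pair the `reject-ropc-grant` executor with one of the condition providers named above, so you know which policies to re-test after patching. `ropc_is_blocked` is that re-test: it sends a Resource Owner Password Credentials grant to the token endpoint and reports whether an access token came back. The HTTP call is injectable, so the example runs offline against constructed responses; the realm export fragment, the `any-client` and `pkce-enforcer` provider ids in the second policy, and the error body are constructed.

```python
import json
from typing import Callable, Dict, List, Tuple
from urllib import error, parse, request

# Condition providers named in the entry above, and the executor they bypass.
AFFECTED_CONDITIONS = {"client-type", "client-roles", "client-attributes", "client-scopes"}
ROPC_EXECUTOR = "reject-ropc-grant"


def ropc_policies_at_risk(realm_export: dict) -> List[dict]:
    """Enabled client policies that rely on an affected condition to reject ROPC."""
    risky = []
    policies = (realm_export.get("clientPolicies") or {}).get("policies") or []
    for policy in policies:
        if not policy.get("enabled", True):
            continue
        executors = {e.get("executor") for e in policy.get("executors") or []}
        conditions = {c.get("condition") for c in policy.get("conditions") or []}
        hit = conditions & AFFECTED_CONDITIONS
        if ROPC_EXECUTOR in executors and hit:
            risky.append({"policy": policy.get("name"), "conditions": sorted(hit)})
    return risky


def _post_form(url: str, fields: Dict[str, str]) -> Tuple[int, str]:
    """Real HTTP POST, used only when the check runs against a live server."""
    req = request.Request(url, data=parse.urlencode(fields).encode(), method="POST")
    try:
        with request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except error.HTTPError as e:            # a 4xx here is the expected, healthy outcome
        return e.code, e.read().decode()


def ropc_is_blocked(token_url: str, client_id: str, username: str, password: str,
                    post: Callable[[str, Dict[str, str]], Tuple[int, str]] = _post_form) -> bool:
    """Negative test: True when a password grant does NOT yield an access token."""
    status, body = post(token_url, {"grant_type": "password", "client_id": client_id,
                                    "username": username, "password": password})
    try:
        payload = json.loads(body)
    except ValueError:
        payload = {}
    return not (status == 200 and "access_token" in payload)


# Constructed realm export fragment in the shape of a realm JSON export.
SAMPLE_REALM_EXPORT = {"clientPolicies": {"policies": [
    {"name": "no-ropc-for-tagged-clients", "enabled": True,
     "conditions": [{"condition": "client-roles",
                     "configuration": {"roles": ["ropc-forbidden"]}}],
     "executors": [{"executor": ROPC_EXECUTOR, "configuration": {}}]},
    {"name": "pkce-everywhere", "enabled": True,
     "conditions": [{"condition": "any-client", "configuration": {}}],
     "executors": [{"executor": "pkce-enforcer",
                    "configuration": {"auto-configure": True}}]},
]}}


# Constructed responses standing in for a live token endpoint.
def fake_token_endpoint_allowing(url, fields):
    return 200, json.dumps({"access_token": "eyJ...", "token_type": "Bearer"})


def fake_token_endpoint_blocking(url, fields):
    return 400, json.dumps({"error": "invalid_grant", "error_description": "rejected by policy"})


if __name__ == "__main__":
    print("policies to re-test:", ropc_policies_at_risk(SAMPLE_REALM_EXPORT))
    url = "https://kc.example.test/realms/demo/protocol/openid-connect/token"
    print("blocked (constructed 200):", ropc_is_blocked(url, "legacy-app", "alice", "pw",
                                                         post=fake_token_endpoint_allowing))
```

Run `ropc_is_blocked` with the default `post` against a test user in every realm that has a risky policy, before and after the update; a `True` before the fix means your policy happens not to hit the bypass, and a `False` after it means something else is still letting password grants through (for example Direct Access Grants enabled on a client the policy does not cover).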
A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced Client or Proxy) endpoint with varying client IDs. By observing distinct faultstrings in the responses, the attacker can determine the client's protocol type, leading to information disclosure.
Affected products and remediation: the same nine RHBK 26.4 container images listed in the first product table above (Vendor Fix; Workaround).
A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature (CVE-2026-9795, "Privilege escalation via improper scope mapping enforcement"). An administrator who holds only limited client-management permissions can assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses the intended control on who may grant such roles: once mapped, the role is projected into the authentication tokens of users who access the modified client, which can lead to unauthorized privilege escalation within the Keycloak realm.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x | — | | Vendor Fix (fix); Workaround |
A flaw was found in org.keycloak.authorization (CVE-2026-9799, "Unauthorized access to resources via UMA permission ticket bypass"). An authenticated user who has been granted a User-Managed Access (UMA) permission ticket for one resource can use a specific permission request prefix to bypass per-resource access control and gain access to all resources of that type within the same resource server, even though they hold no ticket for those other resources. The issue requires the resource server to be in PERMISSIVE policy enforcement mode and affects typed resources with ownerManagedAccess enabled for which no explicit policy protects the resource type. The primary consequence is unauthorized disclosure or modification of those resources.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x | — | | Vendor Fix (fix); Workaround |
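The two authorization flaws above (the FGAPv2 scope-mapping escalation and the UMA permission-ticket bypass) share a useful property: both preconditions are visible in a realm export. The following audit script is an added example, not code from Keycloak or from this advisory. It reads a realm-export JSON (field names follow the export format as I understand it: `scopeMappings[].client`/`roles`, and `clients[].authorizationSettings` with `policyEnforcementMode`, `resources[]` and `policies[]`; verify them against an export from your own server) and reports, first, client scope mappings that carry a privileged realm role, and second, resource servers in PERMISSIVE mode with owner-managed typed resources that no resource-type permission covers. The embedded export and the set of "privileged" role names are constructed for the demonstration.

```python
import json

# Constructed sample realm export (not real data). Only the fields the audit
# reads are present; the field names are an assumption about the export format.
SAMPLE_EXPORT = json.loads(r"""
{
  "realm": "demo",
  "scopeMappings": [
    {"client": "frontend", "roles": ["offline_access", "admin"]},
    {"client": "reporting", "roles": ["offline_access"]},
    {"clientScope": "profile", "roles": ["create-realm"]}
  ],
  "clients": [
    {"clientId": "frontend"},
    {"clientId": "reporting"},
    {"clientId": "photoz-api",
     "authorizationSettings": {
       "policyEnforcementMode": "PERMISSIVE",
       "resources": [
         {"name": "album-1", "type": "urn:photoz:album", "ownerManagedAccess": true},
         {"name": "album-2", "type": "urn:photoz:album", "ownerManagedAccess": true},
         {"name": "profile-1", "type": "urn:photoz:profile", "ownerManagedAccess": true},
         {"name": "banner", "type": "urn:photoz:static", "ownerManagedAccess": false}
       ],
       "policies": [
         {"name": "Only owner", "type": "js", "config": {}},
         {"name": "Profile permission", "type": "resource",
          "config": {"defaultResourceType": "urn:photoz:profile",
                     "applyPolicies": "[\"Only owner\"]"}}
       ]}},
    {"clientId": "strict-api",
     "authorizationSettings": {
       "policyEnforcementMode": "ENFORCING",
       "resources": [{"name": "r", "type": "urn:strict:thing", "ownerManagedAccess": true}],
       "policies": []}}
  ]
}
""")

DEFAULT_PRIVILEGED = {"admin", "create-realm"}   # realm roles to flag; adjust for your realm


def privileged_scope_mappings(export, privileged=DEFAULT_PRIVILEGED):
    """(kind, target, role) for every scope mapping that grants a privileged
    realm role to a client or client scope. A client-level entry is what a
    limited client admin could create under CVE-2026-9795, and it puts the
    role into tokens issued through that client."""
    findings = []
    for mapping in export.get("scopeMappings", []):
        if "client" in mapping:
            kind, target = "client", mapping["client"]
        elif "clientScope" in mapping:
            kind, target = "client-scope", mapping["clientScope"]
        else:
            continue
        for role in mapping.get("roles", []):
            if role in privileged:
                findings.append((kind, target, role))
    return sorted(findings)


def unprotected_uma_types(export):
    """(clientId, resource_type) for every resource server matching the
    CVE-2026-9799 preconditions: PERMISSIVE enforcement, typed resources with
    ownerManagedAccess, and no resource-based permission scoped to that type."""
    findings = []
    for client in export.get("clients", []):
        settings = client.get("authorizationSettings")
        if not settings or settings.get("policyEnforcementMode") != "PERMISSIVE":
            continue
        type_permissions = {
            p.get("config", {}).get("defaultResourceType")
            for p in settings.get("policies", [])
            if p.get("type") == "resource"
        }
        uma_types = {
            r["type"] for r in settings.get("resources", [])
            if r.get("ownerManagedAccess") and r.get("type")
        }
        for rtype in sorted(uma_types - type_permissions):
            findings.append((client["clientId"], rtype))
    return findings


if __name__ == "__main__":
    for kind, target, role in privileged_scope_mappings(SAMPLE_EXPORT):
        print(f"[scope-mapping] {kind}={target} realm-role={role}")
    for client_id, rtype in unprotected_uma_types(SAMPLE_EXPORT):
        print(f"[uma] client={client_id} unprotected owner-managed type={rtype}")
```

Run it against a real export by replacing `SAMPLE_EXPORT` with `json.load(open("realm-export.json"))`. A hit in the first list means the role is being handed out through that client regardless of how the mapping got there; a hit in the second means the type-level gap the advisory describes exists even on a patched server, so add a resource-type permission or switch the resource server to ENFORCING.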
A flaw was found in the Keycloak Policy Enforcer (CVE-2026-9800, "Authorization bypass via incorrect URI comparison"). The enforcer identifies requests for its configured access-denied page by an inexact URI comparison, so a request URL that merely contains the access-denied page path, either as a path segment or inside a query parameter, is treated as that page and exempted from every authorization policy, including role, scope and User-Managed Access (UMA) permission checks. Any authenticated user can use this to reach protected resources.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x | — | | Vendor Fix (fix); Workaround |
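The URI-comparison mistake behind the Policy Enforcer bypass is worth seeing side by side with its fix. The block below is an added example in Python, not the enforcer's own code: `is_access_denied_substring` is the shape of check the advisory describes (a containment test over the whole request URL), `is_access_denied_exact` compares only the decoded, normalised path for equality, and `enforce` shows how the two decide the same requests. The access-denied path and the probe URLs are constructed.

```python
from urllib.parse import unquote, urlsplit

ACCESS_DENIED_PATH = "/access-denied"   # hypothetical enforcer setting


def is_access_denied_substring(url, denied_path=ACCESS_DENIED_PATH):
    """The kind of comparison the advisory describes: a containment test over
    the whole request URL. Any URL that merely contains the configured page
    path, as a path segment or inside a query value, counts as the
    access-denied page and is exempted from policy checks."""
    return denied_path in url


def normalised_path(url):
    """Decoded request path with empty, '.' and '..' segments resolved and no
    trailing slash; query string and fragment are discarded."""
    segments = []
    for seg in unquote(urlsplit(url).path).split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return "/" + "/".join(segments)


def is_access_denied_exact(url, denied_path=ACCESS_DENIED_PATH):
    """Hardened comparison: the normalised request path must equal the
    configured page path; nothing else about the URL matters."""
    return normalised_path(url) == normalised_path(denied_path)


def enforce(url, user_roles, required_role, is_access_denied):
    """Allow the request if it is the (public) access-denied page, otherwise
    only if the user holds required_role. Returns True when allowed."""
    if is_access_denied(url):
        return True
    return required_role in user_roles


if __name__ == "__main__":
    probes = [
        "/access-denied",
        "/access-denied/",
        "/api/admin/users?return=/access-denied",
        "/api/admin/users/access-denied",
        "/%61ccess-denied",
    ]
    for url in probes:           # an unprivileged user (no roles) hitting each URL
        weak = enforce(url, set(), "admin", is_access_denied_substring)
        strong = enforce(url, set(), "admin", is_access_denied_exact)
        print(f"{url:42s} substring-check allows={weak!s:5s} exact-check allows={strong}")
```

The two middle probes are the bypass: with the substring comparison a user with no roles reaches `/api/admin/users` by appending the page path to the query string or to the path. The exact comparison still recognises the real page, including a trailing slash and a percent-encoded spelling, because it decodes and normalises before comparing rather than searching the raw string.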
A flaw was found in Keycloak (CVE-2026-9801, "Denial of Service via malformed LDAP password policy response"). It can be exploited by a remote attacker with high privileges, such as a realm administrator who configures a malicious Lightweight Directory Access Protocol (LDAP) server, or by an attacker who has compromised an upstream LDAP server. By returning a malformed LDAP password policy response during a password authentication request, the attacker triggers an OutOfMemoryError that terminates the Keycloak Java Virtual Machine (JVM), causing a denial of service (DoS) for all realms on the affected node.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x | — | | Vendor Fix (fix); Workaround |
A flaw was found in Keycloak (CVE-2026-9802, "Unauthorized account access via replayed refresh tokens after cluster restart"). When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset the internal timing state on which refresh-token revocation depends. A remote attacker who previously captured a user's refresh token can then replay it after it has been revoked. Successful exploitation grants the attacker unauthorized access to the victim's account, potentially leading to information disclosure or privilege escalation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x | — | | Vendor Fix (fix); Workaround |
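After upgrading and restarting a cluster that runs with revokeRefreshToken=true, the property to confirm is that a refresh token which was already used before the restart is still rejected afterwards. The script below is an added example, not Keycloak's own tooling. It drives the standard OAuth refresh-token grant through an injectable transport: `http_transport` talks to a real token endpoint (the URL, client ID and token values are hypothetical), while `FakeTokenEndpoint` is an offline stand-in whose `restart()` can either keep or drop its record of used tokens, which reproduces the failure mode the advisory describes without a server. The OAuth `invalid_grant` error code is standard; the `error_description` wording in the fake is approximate.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://sso.example/realms/demo/protocol/openid-connect/token"  # hypothetical


def http_transport(token_url, form):
    """Real transport: POST the form and return (status, parsed JSON body).
    Token-endpoint rejections come back as HTTP 400 with an OAuth error object."""
    data = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(token_url, data=data, method="POST")
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)


def refresh(transport, token_url, client_id, refresh_token, client_secret=None):
    """One refresh_token grant; returns whatever the transport returns."""
    form = {"grant_type": "refresh_token", "client_id": client_id,
            "refresh_token": refresh_token}
    if client_secret:
        form["client_secret"] = client_secret
    return transport(token_url, form)


def replay_is_rejected(transport, token_url, client_id, old_refresh_token, client_secret=None):
    """Replay a refresh token that was already used once. With
    revokeRefreshToken=true the server must answer 400 invalid_grant."""
    status, body = refresh(transport, token_url, client_id, old_refresh_token, client_secret)
    return status == 400 and body.get("error") == "invalid_grant"


class FakeTokenEndpoint:
    """Offline stand-in for the token endpoint. Remembers used refresh tokens
    the way revocation does; restart() optionally forgets them, which is the
    behaviour the advisory describes for affected versions."""

    def __init__(self, loses_state_on_restart):
        self.loses_state_on_restart = loses_state_on_restart
        self.used = set()
        self.issued = 0

    def restart(self):
        if self.loses_state_on_restart:
            self.used.clear()

    def __call__(self, token_url, form):
        token = form["refresh_token"]
        if token in self.used:
            return 400, {"error": "invalid_grant",
                         "error_description": "Maximum allowed refresh token reuse exceeded"}
        self.used.add(token)
        self.issued += 1
        return 200, {"access_token": f"at-{self.issued}",
                     "refresh_token": f"rt-{self.issued}", "token_type": "Bearer"}


def replay_survives_restart(server, client_id="demo-client", captured="rt-0"):
    """Full scenario against the fake: the token is used once (and rotated),
    the server restarts, the attacker replays the captured token. Returns True
    when the replay is accepted, i.e. the server is affected."""
    status, _ = refresh(server, TOKEN_URL, client_id, captured)
    assert status == 200, "first use of the captured token should succeed"
    server.restart()
    return not replay_is_rejected(server, TOKEN_URL, client_id, captured)


if __name__ == "__main__":
    print("fixed server,    replay accepted:", replay_survives_restart(FakeTokenEndpoint(False)))
    print("affected server, replay accepted:", replay_survives_restart(FakeTokenEndpoint(True)))
```

Against a real deployment the sequence is the same but split across the restart: call `refresh(http_transport, ...)` once with a token you obtained, restart the cluster, then call `replay_is_rejected(http_transport, ...)` with that same (now rotated) token and expect True. A False here after the update means the revocation state did not survive the restart and the node still needs attention.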
A flaw was found in Keycloak's ClientRegistrationAuth component (CVE-2026-9803, "Denial of Service via malformed Authorization header"). A remote, unauthenticated attacker can send a POST request carrying a malformed 'Authorization: Bearer' header to any client registration endpoint. Parsing the header raises an ArrayIndexOutOfBoundsException, so the server answers with an HTTP 500 error, resulting in a Denial of Service (DoS) for the affected service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64 | — | | Vendor Fix (fix); Workaround |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x | — | | Vendor Fix (fix); Workaround |
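An ArrayIndexOutOfBoundsException on a bearer header almost always means the credential was split on a space and element [1] was read without checking that it exists. The block below is an added example in Python (not the ClientRegistrationAuth code): `bearer_token_fragile` reproduces that parsing shape and fails on the same inputs, `bearer_token` is a strict RFC 6750 parser that returns None instead of raising, and `handle_client_registration` is a hypothetical handler that turns a bad credential into a 401 challenge rather than a 500. All header values are constructed.

```python
import re


def bearer_token_fragile(authorization):
    """Parsing of the shape the advisory describes: split on a space and take
    element [1]. 'Bearer' alone, an empty header, or any value without a space
    raises IndexError (the Python analogue of ArrayIndexOutOfBoundsException);
    unhandled, that becomes an HTTP 500. It also accepts any scheme at all."""
    return authorization.split(" ")[1]


# RFC 6750 bearer credential: scheme name is case-insensitive, token is token68.
_BEARER_RE = re.compile(r"^\s*Bearer\s+([A-Za-z0-9\-._~+/]+=*)\s*$", re.IGNORECASE)


def bearer_token(authorization):
    """Return the token, or None for anything that is not exactly one
    well-formed 'Bearer <token68>' credential (missing header, empty value,
    scheme only, other scheme, trailing junk). Never raises on attacker input."""
    if not authorization:
        return None
    match = _BEARER_RE.match(authorization)
    return match.group(1) if match else None


def handle_client_registration(headers, body):
    """Hypothetical registration handler: a missing or malformed credential is
    a 401 with a WWW-Authenticate challenge, never an exception.
    Returns (status, response_headers, response_body)."""
    token = bearer_token(headers.get("Authorization"))
    if token is None:
        return (401,
                {"WWW-Authenticate": 'Bearer realm="demo", error="invalid_token"'},
                {"error": "invalid_token", "error_description": "Bearer token required"})
    # Token validation (signature, expiry, registration permission) would go here.
    return 200, {}, {"registered": body.get("clientId"), "token_length": len(token)}


if __name__ == "__main__":
    samples = ["Bearer abc.def.ghi", "bearer abc", "Bearer", "Bearer ",
               "Basic dXNlcjpwdw==", "Bearer a b", "", None]
    for hdr in samples:
        try:
            fragile = repr(bearer_token_fragile(hdr))
        except (IndexError, AttributeError) as exc:
            fragile = f"raises {type(exc).__name__}"
        print(f"{hdr!r:22s} fragile={fragile:22s} strict={bearer_token(hdr)!r}")
```

Two of the sample headers are instructive beyond the crash: `"Bearer "` makes the fragile parser return an empty token that later code may treat as present, and `"Basic dXNlcjpwdw=="` is accepted by it as if it were a bearer credential. The strict parser rejects both, and a request-path test with `handle_client_registration({"Authorization": "Bearer"}, {})` returns 401 instead of raising.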
A flaw was found in Keycloak (CVE-2026-37977, "Information disclosure via CORS header injection due to unvalidated JWT azp claim"). A remote attacker can inject a Cross-Origin Resource Sharing (CORS) header through Keycloak's User-Managed Access (UMA) token endpoint. The `azp` claim of a client-supplied JSON Web Token (JWT) is used to set the `Access-Control-Allow-Origin` header before the JWT signature is validated, so a crafted JWT with an attacker-controlled `azp` value has that value reflected as the CORS origin even when the grant is subsequently rejected. The exposure is limited to low-sensitivity information in the authorization server's error responses and weakens origin isolation, and it applies only when the targeted client is misconfigured with `webOrigins: ["*"]`.
CWE-346 - Origin Validation Error
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| 9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64 | — | | Vendor Fix (fix) |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64 | — | | Vendor Fix (fix) |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le | — | | Vendor Fix (fix) |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64 | — | | Vendor Fix (fix) |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x | — | | Vendor Fix (fix) |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64 | — | | Vendor Fix (fix) |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le | — | | Vendor Fix (fix) |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64 | — | | Vendor Fix (fix) |
| 9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x | — | | Vendor Fix (fix) |
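The CORS flaw is an ordering bug: a value from an unverified token shapes the response before the token is checked. The block below is an added example in Python, not Keycloak's code. It uses HS256 with a per-client key as a stand-in for verifying the client JWT (the algorithm is not the point), models the webOrigins decision as "reflect the request Origin when the client lists it or lists `*`", and contrasts the vulnerable order with the corrected one; `wildcard_origin_clients` is the matching configuration audit for the `webOrigins: ["*"]` precondition. Client IDs, keys and origins are constructed.

```python
import base64
import hashlib
import hmac
import json

# Constructed client registry (not real data): clientId -> signing key and
# allowed web origins. "legacy-spa" carries the wildcard misconfiguration the
# advisory names as the precondition.
CLIENTS = {
    "photoz-web": {"key": b"photoz-client-key", "webOrigins": ["https://photoz.example"]},
    "legacy-spa": {"key": b"legacy-client-key", "webOrigins": ["*"]},
}


def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims, key):
    """HS256 stand-in for the client JWT; Keycloak verifies such assertions with
    the client's registered credential, the algorithm is not the point here."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def unverified_claims(token):
    """Payload as sent, signature not checked; safe only for choosing a key."""
    return json.loads(_b64url_decode(token.split(".")[1]))


def verified_claims(token, key):
    """Payload if the signature checks out under key, else None."""
    head, payload, sig = token.split(".")
    expected = hmac.new(key, f"{head}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return None
    return json.loads(_b64url_decode(payload))


def _cors_header(client, request_origin):
    """Reflect the request Origin when the client lists it or lists "*"."""
    if "*" in client["webOrigins"] or request_origin in client["webOrigins"]:
        return request_origin
    return None


def uma_token_response_vulnerable(token, request_origin):
    """Order the advisory describes: azp from the unverified payload selects
    the CORS origin first; the signature check that rejects the grant runs
    afterwards, so the error response already carries the reflected origin.
    Returns (status, Access-Control-Allow-Origin)."""
    client = CLIENTS.get(unverified_claims(token).get("azp"))
    allow_origin = _cors_header(client, request_origin) if client else None
    claims = verified_claims(token, client["key"]) if client else None
    return (200 if claims else 400), allow_origin


def uma_token_response_fixed(token, request_origin):
    """Verify against the claimed client's key before any token value shapes
    the response; a rejected grant gets no CORS header at all."""
    azp = unverified_claims(token).get("azp")        # used only to pick the key
    client = CLIENTS.get(azp)
    claims = verified_claims(token, client["key"]) if client else None
    if claims is None or claims.get("azp") != azp:
        return 400, None
    return 200, _cors_header(client, request_origin)


def wildcard_origin_clients(clients=CLIENTS):
    """Configuration audit for the precondition: clients whose webOrigins contain "*"."""
    return sorted(cid for cid, c in clients.items() if "*" in c["webOrigins"])


if __name__ == "__main__":
    forged = sign_jwt({"azp": "legacy-spa", "sub": "attacker"}, b"attacker-chosen-key")
    print("vulnerable:", uma_token_response_vulnerable(forged, "https://evil.example"))
    print("fixed:     ", uma_token_response_fixed(forged, "https://evil.example"))
    genuine = sign_jwt({"azp": "photoz-web", "sub": "alice"}, CLIENTS["photoz-web"]["key"])
    print("genuine:   ", uma_token_response_fixed(genuine, "https://photoz.example"))
    print("wildcard webOrigins:", wildcard_origin_clients())
```

With the forged token the vulnerable order returns `(400, "https://evil.example")`: the grant is rejected, yet the error body is readable cross-origin by the attacker's page, which is exactly the low-sensitivity disclosure the advisory describes. The same forgery aimed at `photoz-web`, whose origins are explicit, yields no header in either order, which is why the issue is limited to clients with `webOrigins: ["*"]`.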
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New images are available for Red Hat build of Keycloak 26.4.13 and Red Hat build of Keycloak 26.4.13 Operator, running on OpenShift Container Platform",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat build of Keycloak is an integrated sign-on solution,\navailable as a Red Hat JBoss Middleware for OpenShift containerized\nimage. The Red Hat build of Keycloak for OpenShift image provides\nan authentication server that you can use to log in centrally, log\nout, and register. You can also manage user accounts for web\napplications, mobile applications, and RESTful web services.\n\nRed Hat build of Keycloak Operator for OpenShift simplifies\ndeployment and management of Keycloak 26.4.13 clusters.\n\nThis erratum releases new images for Red Hat build of Keycloak\n26.4.13 for use within the OpenShift Container Platform cloud\ncomputing Platform-as-a-Service (PaaS) for on-premise or private\ncloud deployments, aligning with the standalone product release.\n\nSecurity fixes:\n* Information disclosure via CORS header injection due to unvalidated JWT azp claim (CVE-2026-37977)\n* Server-Side Request Forgery via OIDC token endpoint manipulation (CVE-2026-4874)\n* eclipse-vertx/vert.x:Denial of Service via TLS handshake with wildcard server name (CVE-2026-6860)\n* Improper Access Control on Keycloak Server when the account Account API feature is disabled (CVE-2026-7500)\n* Policy bypass during WebAuthn credential registration via client-side JavaScript manipulation (CVE-2026-8830)\n* Security flaw in org.keycloak/keycloak-services (CVE-2026-8922)\n* Information disclosure through arbitrary filesystem path probing (CVE-2026-9083)\n* Cross-site scripting (XSS) via case-insensitive URI validation bypass (CVE-2026-9086)\n* Cross-Session Email Verification Proof Not Bound to Upstream Identity in First-Broker-Login (CVE-2026-9087)\n* Information disclosure due to user profile permission bypass (CVE-2026-9088)\n* Group-Admin Escalation to Realm-Admin (CVE-2026-9099)\n* Privilege escalation due to oversized subject_token JWT (CVE-2026-9704)\n* Attacker can re-enable and take over disabled clients via Registration Access Token (CVE-2026-9705)\n* Organization Data Leak After Feature Disabled in Keycloak (CVE-2026-9791)\n* Security restriction bypass allows unauthorized ROPC token acquisition (CVE-2026-9792)\n* Information disclosure via SAML ECP endpoint (CVE-2026-9794)\n* Privilege escalation via improper scope mapping enforcement (CVE-2026-9795)\n* Unauthorized access to resources via UMA permission ticket bypass (CVE-2026-9799)\n* Authorization bypass via incorrect URI comparison (CVE-2026-9800)\n* Denial of Service via malformed LDAP password policy response (CVE-2026-9801)\n* Unauthorized account access via replayed refresh tokens after cluster restart (CVE-2026-9802)\n* Denial of Service via malformed Authorization header (CVE-2026-9803)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:30050",
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_30050.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Keycloak 26.4.13 Images Security Update",
"tracking": {
"current_release_date": "2026-06-26T06:46:45+00:00",
"generator": {
"date": "2026-06-26T06:46:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.5"
}
},
"id": "RHSA-2026:30050",
"initial_release_date": "2026-06-25T17:40:47+00:00",
"revision_history": [
{
"date": "2026-06-25T17:40:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-25T17:40:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-26T06:46:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Keycloak 26.4",
"product": {
"name": "Red Hat build of Keycloak 26.4",
"product_id": "9Base-RHBK-26.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:build_keycloak:26.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat build of Keycloak"
},
{
"branches": [
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"product": {
"name": "rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"product_id": "rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66?arch=ppc64le\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9\u0026tag=26.4-19"
}
}
},
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"product": {
"name": "rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"product_id": "rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f?arch=ppc64le\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9-operator\u0026tag=26.4-19"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"product": {
"name": "rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"product_id": "rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706?arch=amd64\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9\u0026tag=26.4-19"
}
}
},
{
"category": "product_version",
"name": "rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"product": {
"name": "rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"product_id": "rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b?arch=amd64\u0026repository_url=registry.redhat.io/rhbk/keycloak-operator-bundle\u0026tag=26.4.13-1"
}
}
},
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"product": {
"name": "rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"product_id": "rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40?arch=amd64\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9-operator\u0026tag=26.4-19"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x",
"product": {
"name": "rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x",
"product_id": "rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a?arch=s390x\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9\u0026tag=26.4-19"
}
}
},
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"product": {
"name": "rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"product_id": "rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0?arch=s390x\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9-operator\u0026tag=26.4-19"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"product": {
"name": "rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"product_id": "rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab?arch=arm64\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9\u0026tag=26.4-19"
}
}
},
{
"category": "product_version",
"name": "rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"product": {
"name": "rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"product_id": "rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e?arch=arm64\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9-operator\u0026tag=26.4-19"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64 as a component of Red Hat build of Keycloak 26.4",
"product_id": "9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64"
},
"product_reference": "rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"relates_to_product_reference": "9Base-RHBK-26.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64 as a component of Red Hat build of Keycloak 26.4",
"product_id": "9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64"
},
"product_reference": "rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"relates_to_product_reference": "9Base-RHBK-26.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le as a component of Red Hat build of Keycloak 26.4",
"product_id": "9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le"
},
"product_reference": "rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"relates_to_product_reference": "9Base-RHBK-26.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64 as a component of Red Hat build of Keycloak 26.4",
"product_id": "9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64"
},
"product_reference": "rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"relates_to_product_reference": "9Base-RHBK-26.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x as a component of Red Hat build of Keycloak 26.4",
"product_id": "9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x"
},
"product_reference": "rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"relates_to_product_reference": "9Base-RHBK-26.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64 as a component of Red Hat build of Keycloak 26.4",
"product_id": "9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64"
},
"product_reference": "rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"relates_to_product_reference": "9Base-RHBK-26.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le as a component of Red Hat build of Keycloak 26.4",
"product_id": "9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le"
},
"product_reference": "rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"relates_to_product_reference": "9Base-RHBK-26.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64 as a component of Red Hat build of Keycloak 26.4",
"product_id": "9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64"
},
"product_reference": "rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"relates_to_product_reference": "9Base-RHBK-26.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x as a component of Red Hat build of Keycloak 26.4",
"product_id": "9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
},
"product_reference": "rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x",
"relates_to_product_reference": "9Base-RHBK-26.4"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Evan Hendra"
],
"organization": "Independent Security Researcher"
}
],
"cve": "CVE-2026-4874",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-03-26T05:51:10.233928+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451611"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This occurs when a Keycloak client is configured to use the `backchannel.logout.url` with the `application.session.host` placeholder. Successful exploitation allows the attacker to make HTTP requests from the Keycloak server\u2019s network context, potentially probing internal networks or internal APIs, leading to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: Keycloak: Server-Side Request Forgery via OIDC token endpoint manipulation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw allows an authenticated attacker to perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This vulnerability is exploitable when a Keycloak client is configured to use the `backchannel.logout.url` with the `application.session.host` placeholder, enabling the attacker to probe internal networks from the Keycloak server\u0027s context. Exploitation requires valid user credentials and a logout event.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4874"
},
{
"category": "external",
"summary": "RHBZ#2451611",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451611"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4874",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4874"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4874",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4874"
}
],
"release_date": "2026-03-26T05:56:03.440000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: Keycloak: Server-Side Request Forgery via OIDC token endpoint manipulation"
},
{
"cve": "CVE-2026-6860",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-06T10:01:43.929832+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466990"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in eclipse-vertx/vert.x. A remote attacker can exploit this vulnerability by performing a Transport Layer Security (TLS) handshake and presenting a server name extension with a server wildcard name. This can lead to a denial of service (DoS) condition, impacting the availability of the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "eclipse-vertx/vert.x: eclipse-vertx/vert.x: Denial of Service via TLS handshake with wildcard server name",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated as Moderate because a remote attacker can trigger a denial of service in Red Hat products that use `eclipse-vertx/vert.x` and are configured with TLS wildcard server names. Exploitation occurs during the TLS handshake, impacting service availability without affecting data confidentiality or integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-6860"
},
{
"category": "external",
"summary": "RHBZ#2466990",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466990"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-6860",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6860"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6860",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6860"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/pull/6102",
"url": "https://github.com/eclipse-vertx/vert.x/pull/6102"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/security/advisories/GHSA-3g76-f9xq-8vp6",
"url": "https://github.com/eclipse-vertx/vert.x/security/advisories/GHSA-3g76-f9xq-8vp6"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/381",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/381"
}
],
"release_date": "2026-05-06T09:55:12.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "eclipse-vertx/vert.x: eclipse-vertx/vert.x: Denial of Service via TLS handshake with wildcard server name"
},
{
"acknowledgments": [
{
"names": [
"Evan Hendra"
]
}
],
"cve": "CVE-2026-7500",
"cwe": {
"id": "CWE-425",
"name": "Direct Request (\u0027Forced Browsing\u0027)"
},
"discovery_date": "2026-04-30T14:31:57.661264+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2464126"
}
],
"notes": [
{
"category": "description",
"text": "When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is only partially disabled. Five endpoints under the versioned path `/account/v1alpha1` remain fully functional \u2014 including both read and write operations \u2014 because they lack the `checkAccountApiEnabled()` gate that correctly blocks four other endpoints in the same REST service class. The user needs to have permissions to use the API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.keycloak.keycloak-services: Improper Access Control on Keycloak Server when the account Account API feature is disabled",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate impact flaw in Keycloak allows authenticated users to bypass the intended disablement of the account and account-api features when Keycloak is started with `--features-disabled=account,account-api`. This bypass enables unauthorized read and write operations on specific account endpoints, despite the configuration aiming to restrict such access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-7500"
},
{
"category": "external",
"summary": "RHBZ#2464126",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464126"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7500"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-7500",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7500"
}
],
"release_date": "2026-04-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "workaround",
"details": "To reduce the attack surface, restrict network access to the Keycloak server\u0027s administration and API endpoints to trusted networks or hosts. This limits the ability of unauthorized users to interact with the server and potentially exploit this improper access control vulnerability. If the Keycloak service is reloaded or restarted, ensure that firewall rules or network access controls remain in effect.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.keycloak.keycloak-services: Improper Access Control on Keycloak Server when the account Account API feature is disabled"
},
{
"acknowledgments": [
{
"names": [
"Martin Barto\u0161"
],
"organization": "RedHat"
}
],
"cve": "CVE-2026-8830",
"cwe": {
"id": "CWE-603",
"name": "Use of Client-Side Authentication"
},
"discovery_date": "2026-05-18T13:09:00.257429+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2479565"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction() fails to validate that the newly created credential\u0027s parameters, such as public key algorithms, match the realm\u0027s configured WebAuthn policies. This could lead to the creation of credentials that do not adhere to administrative security requirements, potentially weakening the overall security posture of the system by allowing non-compliant authentication methods.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: org.keycloak/keycloak-services: Keycloak: Policy bypass during WebAuthn credential registration via client-side JavaScript manipulation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A Moderate security flaw was found in Keycloak\u0027s WebAuthn credential registration process. This issue allows an authenticated attacker to bypass configured WebAuthn policies, such as algorithm requirements or user verification, by manipulating client-side JavaScript during registration. This bypass could lead to the registration of credentials that do not meet the intended security standards, potentially weakening the overall authentication posture.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-8830"
},
{
"category": "external",
"summary": "RHBZ#2479565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479565"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-8830",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8830"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-8830",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8830"
}
],
"release_date": "2026-05-19T05:00:04.741000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: org.keycloak/keycloak-services: Keycloak: Policy bypass during WebAuthn credential registration via client-side JavaScript manipulation"
},
{
"acknowledgments": [
{
"names": [
"Joy Gilbert",
"Reynaldo Immanuel"
]
}
],
"cve": "CVE-2026-8922",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2026-05-18T14:50:44.323413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2479586"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies are configured, Keycloak\u0027s OpenID Connect (OIDC) Introspection feature fails to properly honor the realm-level policy. This allows tokens that should have been revoked to remain active, potentially leading to unauthorized access or continued session validity. This could impact the security of systems utilizing Keycloak for identity and access management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.keycloak/keycloak-services: keycloak: org.keycloak.protocol.oidc: Security flaw in org.keycloak/keycloak-services",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate impact flaw in Red Hat Build of Keycloak allows revoked OpenID Connect (OIDC) tokens to remain active due to a failure in honoring realm-level revocation policies when client-level `notBefore` values are also configured. This occurs because the client-level setting can interfere with the intended realm-level revocation, leading to a temporary bypass of security controls.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-8922"
},
{
"category": "external",
"summary": "RHBZ#2479586",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479586"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-8922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8922"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-8922",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8922"
}
],
"release_date": "2026-05-19T06:22:56.138000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.keycloak/keycloak-services: keycloak: org.keycloak.protocol.oidc: Security flaw in org.keycloak/keycloak-services"
},
{
"acknowledgments": [
{
"names": [
"Swapnil Paliwal \u0026 Security Team"
],
"organization": "AxiomCode"
}
],
"cve": "CVE-2026-9083",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-05-20T14:11:24.606000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480168"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. A realm administrator with the \"manage-realm\" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining which files exist and are readable by the Keycloak process. This information disclosure could be used to identify high-value targets for follow-on attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak: Information disclosure through arbitrary filesystem path probing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Medium: This flaw in Keycloak allows a highly privileged realm administrator with the \"manage-realm\" role to perform arbitrary filesystem path probing. By submitting a crafted keystore path, an authenticated attacker can determine the existence and readability of files on the Keycloak server, potentially identifying high-value targets for further attacks. Exploitation requires an attacker to possess the \"manage-realm\" role, which is a high-level administrative permission.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9083"
},
{
"category": "external",
"summary": "RHBZ#2480168",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480168"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9083",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9083"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9083",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9083"
}
],
"release_date": "2026-06-25T15:58:16.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "workaround",
"details": "Ensure that only highly trusted administrators are granted the \"manage-realm\" role within Keycloak. This role provides extensive administrative privileges, including the ability to exploit this vulnerability for filesystem probing. Regularly review and audit users assigned to this role to minimize the attack surface.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Keycloak: Information disclosure through arbitrary filesystem path probing"
},
{
"acknowledgments": [
{
"names": [
"saku0512"
]
}
],
"cve": "CVE-2026-9086",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-20T14:43:55.195000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with `manage-client` permission or access to client registration endpoints, could bypass client Uniform Resource Identifier (URI) validation. This is achieved by registering a malicious client with a specially crafted redirect URI using a case-insensitive `javascript:` or `data:` scheme. This Cross-Site Scripting (XSS) vulnerability allows for arbitrary code execution in the Keycloak origin when a victim clicks the crafted link, such as in the logout flow or the Admin Console.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak: Cross-site scripting (XSS) via case-insensitive URI validation bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated as High. Keycloak\u0027s client URI validation is vulnerable to a case-insensitivity issue, allowing attackers to bypass scheme blocklists by using mixed-case `javascript:` or `data:` URIs. This can lead to cross-site scripting (XSS) in the Keycloak origin when a victim interacts with a crafted link, such as during the logout flow. Exploitation requires an authenticated administrator with `manage-client` privileges or access to client registration endpoints, and user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9086"
},
{
"category": "external",
"summary": "RHBZ#2480170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9086"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9086",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9086"
}
],
"release_date": "2026-06-25T15:58:33.359000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, restrict the ability to register new clients and manage existing client configurations. If Dynamic Client Registration is not required, disable it in Keycloak\u0027s Realm Settings under Client Registration Policies. If Dynamic Client Registration is necessary, ensure that policies are strictly configured to prevent anonymous client registration and require initial access tokens for all client registrations. Additionally, limit the `manage-client` role to only trusted administrators. Changes to Keycloak configuration may require a service restart or redeployment to take effect.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: Keycloak: Cross-site scripting (XSS) via case-insensitive URI validation bypass"
},
{
"cve": "CVE-2026-9087",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2026-05-20T14:53:02.458000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480172"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity that was actually verified, so a second upstream account on the same IdP can consume it and get linked to the victim\u0027s local account.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Cross-Session Email Verification Proof Not Bound to Upstream Identity in First-Broker-Login",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in Keycloak\u0027s cross-session email verification allows an attacker to gain persistent access to a victim\u0027s local account. This occurs when an attacker controls an upstream identity provider account sharing an email with the victim, and the victim is actively linking their account while email verification is enabled and the identity provider is configured with `trustEmail=false`. The attacker can then consume the verification proof, linking their account to the victim\u0027s.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9087"
},
{
"category": "external",
"summary": "RHBZ#2480172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480172"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9087",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9087"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9087",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9087"
}
],
"release_date": "2026-05-20T14:53:44.238000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "workaround",
"details": "To mitigate this issue, configure the affected identity provider to set `trustEmail=true`. This ensures that Keycloak trusts the email address provided by the upstream identity provider, bypassing the vulnerable verification flow. This mitigation should only be applied if the upstream identity provider is fully trusted to verify email addresses and prevent malicious account creation with existing email addresses. Configuration changes may require a Keycloak service restart or reload to take effect.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Cross-Session Email Verification Proof Not Bound to Upstream Identity in First-Broker-Login"
},
{
"acknowledgments": [
{
"names": [
"Hadley So"
]
}
],
"cve": "CVE-2026-9088",
"cwe": {
"id": "CWE-1220",
"name": "Insufficient Granularity of Access Control"
},
"discovery_date": "2026-05-20T15:01:25.568000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480179"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied, leading to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak: Information disclosure due to user profile permission bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Low: A flaw in Keycloak allows administrators with delegated access to read group memberships and users to bypass user profile permissions. This enables the viewing of user attributes that are configured to be denied, impacting data confidentiality for specific administrative roles.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9088"
},
{
"category": "external",
"summary": "RHBZ#2480179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480179"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9088",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9088"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9088",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9088"
}
],
"release_date": "2026-06-05T07:45:40.116000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "keycloak: Keycloak: Information disclosure due to user profile permission bypass"
},
{
"cve": "CVE-2026-9099",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2026-05-20T15:05:54.381000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480182"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild() endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 (FGAPv2) is enabled, an attacker with management rights over a single low-privilege group can reparent a highly privileged group (such as one possessing the realm-admin role) under their managed group.\n\nBecause group permissions follow a hierarchical structure, this action grants the attacker, without authorization, management and password-reset capabilities over the members of the targeted privileged group. An attacker can exploit this to reset an administrator\u0027s password, compromise the account, and achieve a full realm takeover, leading to a complete compromise of confidentiality, integrity, and availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Group-Admin Escalation to Realm-Admin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as High impact. When Fine-Grained Admin Permissions (FGAPv2) are enabled in Keycloak, a delegated administrator with specific `manage-members` permissions on a low-privilege group can bypass authorization checks to reparent any other group, including those with `realm-admin` roles. This allows the attacker to reset passwords of members in the stolen group, leading to a full realm takeover.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9099"
},
{
"category": "external",
"summary": "RHBZ#2480182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9099",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9099"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9099",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9099"
}
],
"release_date": "2026-06-25T15:58:51.884000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "workaround",
"details": "To mitigate this issue, restrict network access to the Keycloak Admin REST API to only trusted networks or localhost. This limits the attack surface by preventing unauthorized access to the API endpoints required for exploitation. Consult your network security documentation for specific firewall or network access control configurations. This may impact remote administration capabilities.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: Group-Admin Escalation to Realm-Admin"
},
{
"acknowledgments": [
{
"names": [
"Filip Jovanov (PegasusMKD)"
]
}
],
"cve": "CVE-2026-9704",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-05-27T12:27:13.702000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481877"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client credentials. This allows the user to gain the permissions of the client\u0027s service account, leading to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak: Privilege escalation due to oversized subject_token JWT",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate flaw in Keycloak allows an authenticated, low-privileged user to escalate privileges. By submitting an oversized `subject_token` JWT to the TokenEndpoint, the system defaults to client credentials, granting the attacker the client\u0027s service account permissions. This bypass occurs when the token exceeds a 4000-character limit, leading to an unintended privilege gain.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9704"
},
{
"category": "external",
"summary": "RHBZ#2481877",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481877"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9704",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9704"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9704",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9704"
}
],
"release_date": "2026-05-27T12:45:59.735000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "workaround",
"details": "To prevent the silent dropping of oversized `subject_token` JWTs, configure Keycloak to enforce strict parameter validation. This involves setting the `fail-fast` parameter to `true` for the `TokenEndpoint` configuration, which will cause requests with oversized parameters to be rejected explicitly rather than silently processed with reduced privileges. Consult Keycloak documentation for the exact method to modify these settings. A restart of the Keycloak service may be necessary for the changes to apply.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Keycloak: Privilege escalation due to oversized subject_token JWT"
},
{
"acknowledgments": [
{
"names": [
"Qiulin Deng"
]
}
],
"cve": "CVE-2026-9705",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"discovery_date": "2026-05-27T12:42:28.395000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481878"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak\u0027s client registration service. A remote attacker, possessing a previously issued Registration Access Token (RAT), could exploit this vulnerability to re-enable a client that an administrator had explicitly disabled. This bypasses security controls, allowing the attacker to reset the client\u0027s secret and potentially regain privileged API access. The primary impact includes unauthorized information disclosure and potential integrity compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak: Attacker can re-enable and take over disabled clients via Registration Access Token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A Moderate flaw was found in Keycloak where a disabled client can be re-enabled by an attacker who retains a Registration Access Token (RAT) from a prior legitimate client registration. This allows the attacker to bypass the administrator\u0027s explicit intent to disable the client, reset its secret, and restore OAuth client_credentials capability, potentially leading to unauthorized access to resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9705"
},
{
"category": "external",
"summary": "RHBZ#2481878",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481878"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9705",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9705"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9705",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9705"
}
],
"release_date": "2026-06-25T15:59:03.780000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "workaround",
"details": "To mitigate this issue, restrict network access to the Keycloak Dynamic Client Registration endpoint. Configure network firewalls to allow connections only from trusted hosts or networks that legitimately require access to this functionality. This limits the exposure of the vulnerable endpoint to unauthorized access attempts.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Keycloak: Attacker can re-enable and take over disabled clients via Registration Access Token"
},
{
"acknowledgments": [
{
"names": [
"Evan Hendra"
],
"organization": "Independent Security Researcher"
}
],
"cve": "CVE-2026-9791",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2026-05-28T03:06:33+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482458"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect (OIDC) token with the \u0027organization\u0027 scope. This allows organization metadata to be disclosed in tokens, even after an administrator has explicitly disabled the Organizations feature, potentially leading to incorrect authorization decisions by resource servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak-rhel9: Organization Data Leak After Feature Disabled in Keycloak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Keycloak fails to enforce the disabled state of the Organizations feature on user-facing APIs, allowing authenticated users to retrieve organization membership data and obtain tokens with organization claims even after an administrator has disabled the feature at the realm level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9791"
},
{
"category": "external",
"summary": "RHBZ#2482458",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482458"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9791",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9791"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9791",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9791"
}
],
"release_date": "2026-05-28T03:08:53.319000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "workaround",
"details": "Administrators should verify that disabling the Organizations feature properly blocks all organization-related functionality. Consider implementing additional access controls or removing organization memberships before disabling the feature.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak-rhel9: Organization Data Leak After Feature Disabled in Keycloak"
},
{
"acknowledgments": [
{
"names": [
"Evan Hendra"
],
"organization": "Independent Security Researcher"
}
],
"cve": "CVE-2026-9792",
"cwe": {
"id": "CWE-280",
"name": "Improper Handling of Insufficient Permissions or Privileges"
},
"discovery_date": "2026-05-28T03:09:09.710000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482459"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak\u0027s Client Policies, specifically within the `org.keycloak.protocol.oidc` component. When certain condition providers (client-type, client-roles, client-attributes, client-scopes) are used to enforce security restrictions, the `reject-ropc-grant` executor is silently bypassed. This allows an unauthenticated remote attacker to obtain tokens via a Resource Owner Password Credentials (ROPC) grant, even when a policy is explicitly configured to block it. This bypass can lead to unauthorized access and information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak: Security restriction bypass allows unauthorized ROPC token acquisition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Medium severity flaw in Keycloak allows client policies designed to reject Resource Owner Password Credentials (ROPC) grants to be bypassed. When specific condition providers (client-type, client-roles, client-attributes, or client-scopes) are used, clients can obtain tokens via ROPC despite explicit policy configuration to block such requests. This impacts Keycloak deployments where administrators rely on these policies to enforce FAPI 2.0 compliance and prevent credential exposure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9792"
},
{
"category": "external",
"summary": "RHBZ#2482459",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482459"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9792",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9792"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9792",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9792"
}
],
"release_date": "2026-05-28T03:10:21.828000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "workaround",
"details": "To mitigate this issue, Keycloak administrators should review and adjust client policies designed to reject Resource Owner Password Credentials (ROPC) grants. Avoid using the `client-type`, `client-roles`, `client-attributes`, or `client-scopes` condition providers in conjunction with the `reject-ropc-grant` executor. Instead, configure policies to use the `grant-type` condition provider for ROPC rejection. A restart or reload of the Keycloak service may be required for these policy changes to take full effect.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Keycloak: Security restriction bypass allows unauthorized ROPC token acquisition"
},
{
"acknowledgments": [
{
"names": [
"Muhammed Hussein",
"Asaad Mostafa"
]
}
],
"cve": "CVE-2026-9794",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2026-05-28T03:14:55.617000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482461"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced Client or Proxy) endpoint with varying client IDs. By observing distinct faultstrings in the responses, the attacker can determine the client\u0027s protocol type, leading to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak: Information disclosure via SAML ECP endpoint",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate-severity information disclosure flaw in Keycloak allows an unauthenticated, remote attacker to enumerate client protocol types. By sending specially crafted SOAP requests to the SAML ECP endpoint and analyzing the resulting faultstrings, an attacker can discern the protocol associated with different client IDs, aiding in further targeted attacks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9794"
},
{
"category": "external",
"summary": "RHBZ#2482461",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482461"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9794",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9794"
}
],
"release_date": "2026-05-28T03:15:43.066000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Keycloak: Information disclosure via SAML ECP endpoint"
},
{
"acknowledgments": [
{
"names": [
"Andrej Tomci"
]
}
],
"cve": "CVE-2026-9795",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2026-05-28T03:15:51.639000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak\u0027s Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client\u0027s scope mapping. This bypasses intended security controls, allowing the injected role to be projected into a user\u0027s authentication token when they access the modified client. This could lead to unauthorized privilege escalation within the Keycloak realm.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak: Privilege escalation via improper scope mapping enforcement",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important privilege escalation flaw in Keycloak when Fine-Grained Admin Permissions (FGAPv2) are enabled. An attacker with fine-grained client management permissions can bypass role mapping restrictions, allowing them to inject arbitrary realm roles into a client\u0027s scope. Subsequent authentication by a privileged user through the compromised client would then project these injected roles into their token, leading to unauthorized access. Exploitation requires specific administrative preconditions and user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9795"
},
{
"category": "external",
"summary": "RHBZ#2482462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9795"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9795",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9795"
}
],
"release_date": "2026-05-28T03:16:49.326000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the Fine-Grained Admin Permissions (FGAPv2) feature in Keycloak if it is not strictly required. This can typically be done by setting `adminPermissionsEnabled` to `false` in the realm configuration. Disabling FGAPv2 will prevent the exploitation of this flaw by removing the vulnerable functionality. However, this may impact administrative delegation capabilities within Keycloak. A restart or reload of the Keycloak service may be required for the changes to take effect.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: Keycloak: Privilege escalation via improper scope mapping enforcement"
},
{
"acknowledgments": [
{
"names": [
"Omaroo Baniessa"
]
}
],
"cve": "CVE-2026-9799",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2026-05-28T03:53:15.687000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482471"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access (UMA) permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to all resources of that type within the same resource server, even if they do not have a ticket for those specific resources. This vulnerability requires the resource server to be configured in PERMISSIVE policy enforcement mode and affects typed resources with ownerManagedAccess enabled, where no explicit policy protects the resource type. The primary consequence is unauthorized information disclosure or modification of resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak: Unauthorized access to resources via UMA permission ticket bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A Medium severity flaw exists in Keycloak\u0027s authorization component where a user with a UMA permission ticket for a specific resource type can gain unauthorized access to all resources of that type. This bypass occurs when the resource server is configured with the non-default PERMISSIVE policy enforcement mode, has ownerManagedAccess enabled for typed resources, and lacks a covering policy for the resource type. Exploitation requires an authenticated user with an existing permission ticket, limiting its impact to specific, non-default Keycloak deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9799"
},
{
"category": "external",
"summary": "RHBZ#2482471",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482471"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9799",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9799"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9799",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9799"
}
],
"release_date": "2026-05-19T12:34:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that the Keycloak client\u0027s policy enforcement mode is set to ENFORCING instead of PERMISSIVE. The PERMISSIVE mode is a non-default configuration that enables the vulnerability. Changing this setting will prevent the unauthorized access to resources of the same type. Consult Keycloak documentation for specific instructions on configuring policy enforcement mode for your client. This change may require a restart or reload of the Keycloak service to take effect and could impact existing authorization policies if not carefully managed.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Keycloak: Unauthorized access to resources via UMA permission ticket bypass"
},
{
"acknowledgments": [
{
"names": [
"Bas Levering"
]
}
],
"cve": "CVE-2026-9800",
"cwe": {
"id": "CWE-1025",
"name": "Comparison Using Wrong Factors"
},
"discovery_date": "2026-05-28T03:57:56.111000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482472"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-denied page path within a request URL, either as a path segment or a query parameter, an attacker can gain unauthorized access to protected resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak Policy Enforcer: Authorization bypass via incorrect URI comparison",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9800"
},
{
"category": "external",
"summary": "RHBZ#2482472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482472"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9800"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9800",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9800"
}
],
"release_date": "2026-05-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "keycloak: Keycloak Policy Enforcer: Authorization bypass via incorrect URI comparison"
},
{
"acknowledgments": [
{
"names": [
"Seongkuk Park"
]
}
],
"cve": "CVE-2026-9801",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-05-28T04:00:39.339000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482473"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password policy response during a password authentication request, the attacker can trigger an OutOfMemoryError. This causes the Keycloak Java Virtual Machine (JVM) to terminate, leading to a denial of service (DoS) for all realms on the affected node.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak: Denial of Service via malformed LDAP password policy response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Keycloak presents a denial-of-service risk when an LDAP user-storage provider is configured. A highly privileged attacker, such as a realm administrator or through a compromised LDAP connection, can send a malformed LDAP password-policy response. This triggers an OutOfMemoryError, causing the Keycloak JVM to terminate and resulting in a complete outage of the node.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9801"
},
{
"category": "external",
"summary": "RHBZ#2482473",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482473"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9801",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9801"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9801",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9801"
}
],
"release_date": "2026-05-28T04:18:25.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, ensure that Keycloak\u0027s LDAP user-storage providers are configured to connect only to trusted and secure LDAP servers. Avoid configuring LDAP federation with unverified or potentially malicious LDAP endpoints. Additionally, always use TLS for LDAP connections to prevent Man-in-the-Middle attacks. If an upstream LDAP server is compromised, it should be isolated and secured immediately.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Keycloak: Denial of Service via malformed LDAP password policy response"
},
{
"acknowledgments": [
{
"names": [
"Gyeongpyo Son"
]
}
],
"cve": "CVE-2026-9802",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"discovery_date": "2026-05-28T04:01:03.837000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482467"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user\u0027s refresh token, to replay that token even after it has been revoked. Successful exploitation grants the attacker unauthorized access to the victim\u0027s account, potentially leading to information disclosure or privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak: Unauthorized account access via replayed refresh tokens after cluster restart",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw in Keycloak, when configured with `revokeRefreshToken=true` and persistent session storage, allows a remote attacker to regain unauthorized access. Following a full cluster restart, a previously revoked refresh token, if captured by an attacker, can be replayed to bypass security checks. This could lead to unauthorized account access, potentially resulting in information disclosure or privilege escalation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9802"
},
{
"category": "external",
"summary": "RHBZ#2482467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9802"
}
],
"release_date": "2026-05-28T04:10:26.145000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Keycloak: Unauthorized account access via replayed refresh tokens after cluster restart"
},
{
"acknowledgments": [
{
"names": [
"Mustafa \u00c7etin"
]
}
],
"cve": "CVE-2026-9803",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2026-05-28T04:02:15.892000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482465"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak\u0027s ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed \u0027Authorization: Bearer\u0027 header to any client registration endpoint. This can lead to an ArrayIndexOutOfBoundsException, causing the server to return an HTTP 500 error and resulting in a Denial of Service (DoS) for the affected service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: Keycloak: Denial of Service via malformed Authorization header",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A Moderate denial of service flaw was found in Keycloak\u0027s client registration endpoints. An unauthenticated attacker can send a specially crafted request with a malformed \u0027Authorization: Bearer\u0027 header, causing an ArrayIndexOutOfBoundsException and an HTTP 500 error. This can lead to a temporary disruption of service for the Keycloak instance.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9803"
},
{
"category": "external",
"summary": "RHBZ#2482465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482465"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9803",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9803"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9803",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9803"
}
],
"release_date": "2026-05-28T04:03:01.292000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "keycloak: Keycloak: Denial of Service via malformed Authorization header"
},
{
"cve": "CVE-2026-37977",
"cwe": {
"id": "CWE-346",
"name": "Origin Validation Error"
},
"discovery_date": "2026-04-06T07:49:33.467949+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455324"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak\u0027s User-Managed Access (UMA) token endpoint. This flaw occurs because the `azp` claim from a client-supplied JSON Web Token (JWT) is used to set the `Access-Control-Allow-Origin` header before the JWT signature is validated. When a specially crafted JWT with an attacker-controlled `azp` value is processed, this value is reflected as the CORS origin, even if the grant is later rejected. This can lead to the exposure of low-sensitivity information from authorization server error responses, weakening origin isolation, but only when a target client is misconfigured with `webOrigins: [\"*\"]`.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "keycloak: org.keycloak.protocol.oidc.grants.ciba: Keycloak: Information disclosure via CORS header injection due to unvalidated JWT azp claim",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Low impact: This vulnerability in Keycloak\u0027s UMA token endpoint allows for CORS header injection when a client is misconfigured with `webOrigins: [\"*\"]`. This can lead to the exposure of low-sensitivity information from authorization server error responses. Exploitation requires a specific client misconfiguration and does not affect default Keycloak installations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-37977"
},
{
"category": "external",
"summary": "RHBZ#2455324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455324"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-37977",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-37977"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-37977",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-37977"
}
],
"release_date": "2026-04-06T08:34:01.137000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-25T17:40:47+00:00",
"details": "Before applying the update, back up your existing installation,\nincluding all applications, configuration files, databases and\ndatabase settings, and so on.",
"product_ids": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:30050"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHBK-26.4:rhbk/keycloak-operator-bundle@sha256:dc6f5cde01bde313152b99cbead708160e43be14804f0ff768123fa9f54b4a4b_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:502c9e94ad138d062ca6e81de89284f5bcc0d27595b193498cf35f7e1bff9a40_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:8b4788a5f7e7687f3cc98a80407057a915d516aa79ff2e879780fa13e3be738f_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:bb723943f57bf3f1b02f8b67e3aff2043b30f867dbf90155a5596b954073f57e_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9-operator@sha256:c56fdf74f5055b2ed0aa1a5706f1fe5428692aaa4d107d2081fb7c6ee7d5ace0_s390x",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:05b207815e7e032115df73466875ac10436fb304bec7322e7a0a1a919901fdab_arm64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:183d2a02d613de6745e0741333c4d34d8544b74866efac9237c46f26114b8c66_ppc64le",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:70634542b3ae6f9c0593bd6a63d2e9fa4667c27d1cbf78c07bee4b1ebc1b6706_amd64",
"9Base-RHBK-26.4:rhbk/keycloak-rhel9@sha256:d94079e34e41affcb63b6094781e9e0bb0c1e15ae2f24c93ad7bf6353937ec9a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "keycloak: org.keycloak.protocol.oidc.grants.ciba: Keycloak: Information disclosure via CORS header injection due to unvalidated JWT azp claim"
}
]
}