Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

12 matches found

NVD
NVDadded 2026/05/28 5:16 a.m.14 views

CVE-2026-9795

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

7.3CVSS0.00223EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/28 3:49 a.m.7 views

CVE-2026-9795 Keycloak: keycloak: privilege escalation via improper scope mapping enforcement

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

7.3CVSS5.7AI score0.00223EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/28 3:49 a.m.32 views

CVE-2026-9795 Keycloak: keycloak: privilege escalation via improper scope mapping enforcement

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

7.3CVSS0.00223EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/28 3:49 a.m.51 views

EUVD-2026-32710

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

7.3CVSS5.7AI score0.00223EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/05/28 3:49 a.m.11 views

CVE-2026-9795

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

7.3CVSS5.7AI score0.00223EPSS
Exploits0References3
Snyk
Snykadded 2026/05/28 3:16 a.m.5 views

Incorrect Privilege Assignment

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Privilege Assignment via improper enforcement of scope mapping in the Fine-Grained Admin Permission...

7.3CVSS6AI score0.00223EPSS
Exploits0References2
NVD
NVDadded 2026/04/22 9:17 p.m.5 views

CVE-2026-41166

OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has write:admin in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including master. The handler uses the realm path segment when talking to the...

7CVSS0.00285EPSS
Exploits1References2
EUVD
EUVDadded 2026/04/22 8:31 p.m.6 views

EUVD-2026-25096

OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has write:admin in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including master. The handler uses the realm path segment when talking to the...

7CVSS5.7AI score0.00285EPSS
Exploits1References2
OSV
OSVadded 2026/04/22 2:38 p.m.2 views

GHSA-49VV-25QX-MG44 OpenRemote has Improper Access Control via updateUserRealmRoles function

Summary A user who has write:admin in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including master. The handler uses the realm path segment when talking to the identity provider but does not check that the caller may administer that realm...

7CVSS5.7AI score0.00285EPSS
Exploits1References4
Github Security Blog
Github Security Blogadded 2026/04/22 2:38 p.m.4 views

OpenRemote has Improper Access Control via updateUserRealmRoles function

Summary A user who has write:admin in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including master. The handler uses the realm path segment when talking to the identity provider but does not check that the caller may administer that realm...

7CVSS5.7AI score0.00285EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologiesadded 2026/04/22 12:0 a.m.8 views

PT-2026-34526

Summary A user who has write:admin in one Keycloak realm can call the Manager API to update Keycloak realm roles for users in another realm, including master. The handler uses the realm path segment when talking to the identity provider but does not check that the caller may administer that realm...

7CVSS5.7AI score
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/04/22 12:0 a.m.5 views

PT-2026-34453

Name of the Vulnerable Software and Affected Versions OpenRemote versions prior to 1.22.1 Description A user possessing the write:admin role in one Keycloak realm can utilize the Manager API to update Keycloak realm roles for users in a different realm, including the master realm. The issue exist...

7CVSS5.8AI score0.00285EPSS
Exploits1References7
Rows per page
Query Builder