Lucene search

4 matches found

EUVD
added 2026/03/23 9:30 a.m. (3 views)

EUVD-2026-14389

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...

CVSS 4.3, AI score 5.8, EPSS 0.00203
Exploits: 0, References: 3
OSV
added 2026/03/23 9:30 a.m. (2 views)

GHSA-4PGC-GFRR-WCMG Keycloak has Improper Access Control that allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...

CVSS 4.3, AI score 5.8, EPSS 0.00203
Exploits: 0, References: 4
CVE
added 2026/03/23 8:9 a.m. (17 views)

CVE-2026-4628

Keycloak contains an improper access control flaw in the UMA resource_set endpoint. The vulnerability arises from incomplete enforcement of access checks on PUT operations, allowing authenticated users to bypass allowRemoteResourceManagement=false and modify protected resources, compromising data...

CVSS 4.3, AI score 5.8, EPSS 0.00203
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2026/03/23 8:9 a.m. (26 views)

CVE-2026-4628 Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control chec...

CVSS 4.3, EPSS 0.00203
Exploits: 0, References: 2