CVE-2026-9799 Keycloak: keycloak: unauthorized access to resources via uma permission ticket bypass
A flaw was found in org.keycloak.authorization. An authenticated user with a granted User-Managed Access UMA permission ticket for one resource can exploit this by using a specific permission request prefix to bypass per-resource access control. This allows the user to gain unauthorized access to...