Lucene search
K

31 matches found

NVD
NVD
added last week9 views

CVE-2026-4629

A flaw was found in Keycloak. A highly privileged user with manage-clients permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the realm-admin role into generated tokens,...

6.5CVSS0.0024EPSS
Exploits1References2
EUVD
EUVD
added last week6 views

EUVD-2026-40300

A flaw was found in Keycloak. A highly privileged user with manage-clients permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the realm-admin role into generated tokens,...

6.5CVSS5.7AI score0.0024EPSS
Exploits1References2
Cvelist
Cvelist
added last week35 views

CVE-2026-4629 Keycloak: keycloak: privilege escalation through hardcoded role mapper injection

A flaw was found in Keycloak. A highly privileged user with manage-clients permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the realm-admin role into generated tokens,...

6.5CVSS0.0024EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/28 4:27 a.m.11 views

EUVD-2026-32716

A flaw was found in Keycloak. An authenticated administrator with the manage-clients role can exploit a Time-of-check to time-of-use TOCTOU vulnerability in the name-based admin role checks. This allows the attacker to escalate their privileges to realm-admin for all users within the realm,...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References2
CVE
CVE
added 2026/05/28 4:27 a.m.78 views

CVE-2026-9796

This CVE (CVE-2026-9796) affects Keycloak. An authenticated administrator with the manage-clients role can trigger a TOCTOU flaw in the name-based admin role checks, allowing escalation to realm-admin for all users in the realm. The compromised composite role relationship persists after the attac...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/28 4:27 a.m.36 views

CVE-2026-9796 Keycloak: keycloak: privilege escalation via time-of-check to time-of-use (toctou) vulnerability

A flaw was found in Keycloak. An authenticated administrator with the manage-clients role can exploit a Time-of-check to time-of-use TOCTOU vulnerability in the name-based admin role checks. This allows the attacker to escalate their privileges to realm-admin for all users within the realm,...

6.5CVSS0.00186EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/28 4:27 a.m.7 views

CVE-2026-9796 Keycloak: keycloak: privilege escalation via time-of-check to time-of-use (toctou) vulnerability

A flaw was found in Keycloak. An authenticated administrator with the manage-clients role can exploit a Time-of-check to time-of-use TOCTOU vulnerability in the name-based admin role checks. This allows the attacker to escalate their privileges to realm-admin for all users within the realm,...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/28 4:27 a.m.9 views

CVE-2026-9796

A flaw was found in Keycloak. An authenticated administrator with the manage-clients role can exploit a Time-of-check to time-of-use TOCTOU vulnerability in the name-based admin role checks. This allows the attacker to escalate their privileges to realm-admin for all users within the realm,...

6.5CVSS5.7AI score0.00186EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. There is a security vulnerability in Keycloak. This vulnerability stems from the fact that authenticated administrators with the manage-clients role can exploit the vulnerability in the name-based...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.13 views

PT-2026-44187

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description An authenticated administrator possessing the manage-clients role can exploit a Time-of-check to time-of-use TOCTOU flaw in name-based admin role checks. TOCTOU is a race condition where a...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/02 1:54 p.m.5 views

keycloak: org.keycloak/keycloak-services: Keycloak: Privilege escalation via manage-clients permission

A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...

7.2CVSS5.8AI score0.00471EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/26 9:31 p.m.9 views

EUVD-2026-16307

A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...

6.5CVSS5.8AI score0.00471EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/26 9:31 p.m.3 views

Keycloak: manage-clients permission escalates to full realm admin access

A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...

7.2CVSS5.8AI score0.00471EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/03/26 9:31 p.m.2 views

GHSA-7XF9-4JFC-WGM4 Keycloak: manage-clients permission escalates to full realm admin access

A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...

6.5CVSS5.8AI score0.00471EPSS
Exploits0References8
NVD
NVD
added 2026/03/26 7:17 p.m.3 views

CVE-2026-3121

A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...

7.2CVSS0.00471EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/26 7:13 p.m.21 views

CVE-2026-3121 Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission

A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...

6.5CVSS0.00471EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/26 7:13 p.m.4 views

CVE-2026-3121

A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...

7.2CVSS5.8AI score0.00471EPSS
Exploits0References5
CVE
CVE
added 2026/03/26 7:13 p.m.23 views

CVE-2026-3121

CVE-2026-3121 describes privilege escalation in Keycloak where an administrator with manage-clients permission can leverage a misconfiguration to gain full realm admin access when realm-level admin permissions are enabled. Connected Red Hat advisories (RHSA-2026:6478, RHSA-6477, and RHSA-6477-CVE...

7.2CVSS5.8AI score0.00471EPSS
Exploits0References4Affected Software4
Vulnrichment
Vulnrichment
added 2026/03/26 7:13 p.m.4 views

CVE-2026-3121 Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission

A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...

6.5CVSS5.8AI score0.00471EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.33 views

PT-2026-28426

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in Keycloak where an administrator possessing manage-clients permission can exploit a misconfiguration. This misconfiguration arises when the manage-clients permission is...

6.5CVSS5.9AI score0.00471EPSS
Exploits0References8
Rows per page
Query Builder