Severity: HIGH | CVE-2026-9795 | CNA: redhat

CVE-2026-9795: Keycloak: keycloak: privilege escalation via improper scope mapping enforcement

A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security controls, allowing the injected role to be projected into a user's authentication token when they access the modified client. This could lead to unauthorized privilege escalation within the Keycloak realm.

HarborGuard Analysis

Synopsis

This is a privilege escalation vulnerability in Keycloak's Fine-Grained Admin Permissions v2 (FGAPv2) feature. An authenticated administrator with limited client management rights can assign any realm role, including highly privileged ones, to a client's scope mapping, bypassing intended access controls. If a user then authenticates through the modified client, the injected role appears in their token, granting them privileges they were never intended to hold. No fix version has been published yet; HarborGuard tracks the advisory and will make a patched-image rebuild available the moment upstream ships a fix.

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds (including Red Hat's advisory stream) within minutes of publication and matched against customer images, including custom-built Keycloak-based images, in both registry scans and CI pipeline checks.

Triage: Available

Triage is available with CVSS 7.3 HIGH severity scoring applied automatically; per-environment compliance policy weighting can elevate or adjust alert priority, and findings are routed to the appropriate team inbox within each customer organization based on configured ownership rules.

Patch: Pending upstream

Because no upstream fix version has been published, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Red Hat publishes a fix. Customers with auto-remediation enabled will receive the rebuild, a regression-test run, and a PR opened against affected workloads without manual intervention.

Exploit Conditions

  • Network reachability: Required

    The Keycloak admin console must be reachable over the network; the attacker sends the malicious scope-mapping request from a remote client.

  • Authentication: Required

    The attacker must hold an existing admin account with at least limited client management permissions; a fully unprivileged account is not sufficient.

  • Victim interaction: Required

    A legitimate user must authenticate through the modified client for the injected role to be projected into their token, requiring that user to take a normal login action.

  • Attack complexity: High

    Attack complexity is high, meaning the attacker must navigate specific conditions around FGAPv2 permission boundaries and timing to successfully inject the scope mapping without detection.

Blast Radius

  • A user authenticating through the tampered client receives a token carrying highly privileged realm roles they were never assigned, giving them administrative or elevated access within the Keycloak realm.
  • The injected role can be used downstream by any service that trusts Keycloak-issued tokens, propagating the privilege escalation beyond the identity layer into protected APIs and applications.
  • Realm-level security boundaries set by the Keycloak administrator are silently bypassed, meaning audit logs may show normal logins while the underlying permissions are inflated.
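The third bullet above points at where a defender can still see this: login events look normal, but the scope-mapping change itself is an admin operation. The check below is an added example, not code from this page, HarborGuard or the Keycloak project; it scans Keycloak admin-event lines (shape assumed: JSON with `operationType`, `resourcePath` and the request body as a JSON string in `representation`, as Keycloak records when admin events with representations are enabled) and alerts when a watchlisted realm role is added to a client's realm scope mappings. The role watchlist, client ids, user ids and log lines are all constructed.

```python
import json
import re

# Assumed watchlist of realm roles treated as high privilege; adapt it to the realm.
PRIVILEGED_REALM_ROLES = {"admin", "create-realm"}
# resourcePath Keycloak records for a client's realm-role scope mappings (assumed shape).
SCOPE_MAPPING_PATH = re.compile(r"^clients/(?P<client>[^/]+)/scope-mappings/realm$")


def privileged_scope_mapping_alerts(lines, watchlist=PRIVILEGED_REALM_ROLES):
    """One alert per admin event that adds a watchlisted realm role to a client's scope mapping."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except (json.JSONDecodeError, TypeError):
            continue  # malformed line: skip it rather than stall the pipeline
        if not isinstance(event, dict) or event.get("operationType") != "CREATE":
            continue
        match = SCOPE_MAPPING_PATH.match(event.get("resourcePath", ""))
        if not match:
            continue
        # The posted role list is stored as a JSON string inside "representation" (assumed).
        try:
            roles = json.loads(event.get("representation") or "[]")
        except json.JSONDecodeError:
            roles = []
        hits = sorted({r.get("name") for r in roles if isinstance(r, dict)} & watchlist)
        if hits:
            auth = event.get("authDetails", {})
            alerts.append({"client": match.group("client"), "roles": hits,
                           "actor": auth.get("userId"), "ip": auth.get("ipAddress")})
    return alerts


def _event(op, path, roles, user, ip):
    """Constructed admin-event line in the (assumed) Keycloak admin-event JSON shape."""
    return json.dumps({"time": 1700000000000, "operationType": op,
                       "resourceType": "CLIENT_SCOPE_MAPPING", "resourcePath": path,
                       "authDetails": {"realmId": "example", "userId": user, "ipAddress": ip},
                       "representation": json.dumps([{"name": r} for r in roles])})


# Constructed sample log: a benign mapping, a privileged injection, a removal, and a junk line.
SAMPLE_EVENTS = [
    _event("CREATE", "clients/1a2b/scope-mappings/realm", ["offline_access"], "u-ops", "10.0.0.5"),
    _event("CREATE", "clients/1a2b/scope-mappings/realm", ["viewer", "admin"], "u-limited", "10.0.0.9"),
    _event("DELETE", "clients/3c4d/scope-mappings/realm", ["admin"], "u-ops", "10.0.0.5"),
    "not a json line",
]

if __name__ == "__main__":
    print(privileged_scope_mapping_alerts(SAMPLE_EVENTS))
```

Only the second constructed event produces an alert, naming the client, the injected role and the acting admin account; feeding the same function a real admin-event export lets an operator review every such change against the list of administrators who are meant to hold full client management rights.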

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix has been published for this CVE, HarborGuard monitors the Red Hat advisory on every ingest cycle and will make a patched-image rebuild available automatically as soon as a fix version is released. For customers with auto-remediation enabled, the rebuild, regression-test run, and PR against affected workloads will trigger without manual action. In the meantime, compensating controls available for consideration include applying Keycloak network policies to restrict admin console access to trusted internal CIDRs only, tightening FGAPv2 role assignments so that client management permissions are granted only to fully trusted administrators, and enabling egress filtering on Keycloak pods to limit lateral movement if an account is compromised. HarborGuard will surface any compliance-policy breach triggered by the absence of a patched image and will notify configured owner inboxes when the upstream fix lands.

Metrics

CVSS v3.1: 7.3
Severity: HIGH
Fixed in: no fix version published
Affected products: 1
Affected packages:
  • Red Hat / Red Hat Build of Keycloak
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N