What is the CVSS score of CVE-2026-0871?

CVE-2026-0871 has a CVSS 3.1 base score of 4.9 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Build Of Keycloak are affected by CVE-2026-0871?

Organizations using A flaw should be aware of moderate risk from CVE-2026-0871 rated CVSS 4.9. Exploitation could compromise the security of affected deployments.. A patch is available.

Build Of Keycloak CVE-2026-0871

MEDIUM

Incorrect Privilege Assignment (CWE-266)

2026-02-27 secalert@redhat.com

GHSA-v4jw-m6rm-399h

Authentication Bypass Red Hat Build Of Keycloak Keycloak

4.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

CVE Published

Feb 27, 2026 - 08:17 nvd

MEDIUM 4.9

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

57 maven packages depend on org.keycloak:keycloak-server-spi-private (26 direct, 31 indirect)

Ecosystem-wide dependent count for version 26.5.2.

DescriptionNVD

A flaw was found in Keycloak. An administrator with manage-users permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the system is configured to restrict such modifications.

AnalysisAI

Build Of Keycloak contains a vulnerability that allows attackers to unauthorized changes to user profiles, even when the system is configured to res (CVSS 4.9).

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory