CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Description (NVD)
A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API, or by requesting an OpenID Connect (OIDC) token with the 'organization' scope. This allows organization metadata to be disclosed in tokens even after an administrator has explicitly disabled the Organizations feature, potentially leading to incorrect authorization decisions by resource servers.
Analysis (AI)
Incorrect authorization enforcement in Red Hat Build of Keycloak allows an authenticated user with existing organization membership to retrieve organization metadata through the account API or via OIDC token requests using the 'organization' scope, even when an administrator has explicitly disabled the Organizations feature. The flaw (CWE-863) means the feature-disabled state is not enforced at the data-access layer, so tokens and API responses continue to carry organization claims. …
External POC / Exploit Code
EUVD-2026-32701
GHSA-4q93-v92x-p89f