Skip to main content

Red Hat Build Of Keycloak EUVD-2026-16307

| CVE-2026-3121 MEDIUM
Incorrect Privilege Assignment (CWE-266)
2026-03-26 redhat GHSA-7xf9-4jfc-wgm4
Privilege Escalation Red Hat Build Of Keycloak Red Hat Jboss Enterprise Application Platform 8 Red Hat Jboss Enterprise Application Platform Expansion Pack Red Hat Single Sign On 7
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Red Hat
6.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 26, 2026 - 19:16 euvd
EUVD-2026-16307
Analysis Generated
Mar 26, 2026 - 19:16 vuln.today
CVE Published
Mar 26, 2026 - 19:13 nvd
MEDIUM 6.5

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 44 maven packages depend on org.keycloak:keycloak-services (16 direct, 28 indirect)

Ecosystem-wide dependent count for version 26.5.6.

DescriptionCVE.org

A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within the realm. This privilege escalation can occur when admin permissions are enabled at the realm level.

AnalysisAI

Keycloak allows authenticated administrators with manage-clients permission to escalate privileges to manage-permissions level, enabling unauthorized control over roles, users, and administrative functions within a realm. Red Hat Build of Keycloak, JBoss Enterprise Application Platform 8, and Red Hat Single Sign-On 7 are affected when admin permissions are enabled at the realm level. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment The CVSS 3.1 vector (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N) indicates network-accessible attack surface with low complexity but high privilege requirement, causing high confidentiality and integrity impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A rogue or compromised administrator account with manage-clients permission (typically granted for OAuth2 client management responsibilities) can exploit this misconfiguration to escalate privileges without additional authorization. The attacker can directly leverage the manage-clients permission to modify realm-level access control policies, create new administrative roles, assign themselves to higher-privilege roles, or modify existing user permissions-all without detect through standard admin permission change workflows. …
Remediation Upgrade Keycloak and dependent components (Red Hat Build of Keycloak, JBoss EAP 8, and Red Hat Single Sign-On 7) to patched versions as specified in the Red Hat security advisory at https://access.redhat.com/security/cve/CVE-2026-3121. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

Debian

Bug #1088287
keycloak
Release Status Fixed Version Urgency
open - -

Share

EUVD-2026-16307 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy