Skip to main content

Keycloak EUVD-2026-32300

| CVE-2026-9704 MEDIUM
Improper Validation of Specified Quantity in Input (CWE-1284)
2026-05-27 secalert@redhat.com GHSA-rr5q-3xwr-f323
Privilege Escalation
6.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
Analysis Generated
May 27, 2026 - 21:17 vuln.today

DescriptionNVD

A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client credentials. This allows the user to gain the permissions of the client's service account, leading to privilege escalation.

AnalysisAI

Privilege escalation in Keycloak exposes service account permissions to authenticated low-privilege users through a silent JWT size-check failure at the TokenEndpoint. When a subject_token JWT exceeding 4000 characters is submitted, Keycloak silently discards it and falls back to client credentials - granting the attacker the permissions of the client's service account without any explicit authorization decision. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-32300 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy