What is the CVSS score of EUVD-2026-35058?

EUVD-2026-35058 has a CVSS 3.1 base score of 7.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Keycloak are affected by EUVD-2026-35058?

A privilege escalation vulnerability in the user import endpoint of an identity management platform allows attackers to gain full administrative access, directly compromising the access control…

How to fix or mitigate EUVD-2026-35058?

Within 24 hours: identify all affected deployments, restrict network access to the /partialImport endpoint, and enable comprehensive audit logging. Within 7 days: audit all user import activities from the past 90 days and verify all administrative role assignments for legitimacy. Within 30 days: obtain patching timeline from vendor and implement interim access restrictions or evaluate alternative identity management solutions pending remediation.

Keycloak EUVD-2026-35058

| CVE-2026-11577 HIGH

Incorrect Authorization (CWE-863)

2026-06-08 redhat

GHSA-p5q4-94mg-325p

Authentication Bypass Red Hat Build Of Keycloak Red Hat Data Grid 8 Red Hat Jboss Enterprise Application Platform 8 Red Hat Jboss Enterprise Application Platform Expansion Pack Red Hat Single Sign On 7 Red Hat

7.2

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.2 HIGH

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Red Hat

7.2 HIGH

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Jun 08, 2026 - 13:20 vuln.today

DescriptionCVE.org

A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/{realm}/partialImport endpoint. This allows them to bypass Fine-Grained Admin Permissions (FGAP) and escalate their privileges to a full realm administrator by importing users with realm-admin role mappings.

AnalysisAI

{realm}/partialImport endpoint to bypass Fine-Grained Admin Permissions (FGAP) and promote themselves to full realm administrator. The flaw is an improper authorization check (CWE-863) on imported users carrying realm-admin role mappings. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate as limited FGAP admin

Delivery

Craft partialImport JSON with realm-admin role mapping

Exploit

POST to /admin/realms/{realm}/partialImport

Execution

Server imports user without FGAP re-check

Persist

Impact

Exercise full realm-admin privileges

Access

Authenticate as limited FGAP admin

Delivery

Craft partialImport JSON with realm-admin role mapping

Exploit

POST to /admin/realms/{realm}/partialImport

Execution

Server imports user without FGAP re-check

Persist

Impact

Exercise full realm-admin privileges

Vulnerability AssessmentAI

Exploitation	Exploitation requires (1) an authenticated account on the target Keycloak realm that already holds a Fine-Grained Admin Permission allowing it to call POST /admin/realms/{realm}/partialImport (typically a delegated/limited realm administrator with manage-users or manage-realm scope), (2) network reachability to the Keycloak admin REST API, and (3) a realm configuration in which FGAP is actually used to delegate partial admin rights - single-tenant deployments where only full realm-admins exist gain nothing from the bypass. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 7.2 with vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H is consistent with the description: network-reachable admin API, low complexity, but requires an already-authenticated high-privilege account (a delegated realm admin), which is what limits real-world risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A tenant in a shared Keycloak deployment is granted a delegated admin account with FGAP scoped to manage only their own users. The attacker authenticates to the admin console, sends a POST to /admin/realms/{realm}/partialImport with a JSON payload containing a new user whose realmRoles include realm-admin, and Keycloak imports the user without re-checking that the calling admin is authorized to assign that role - the attacker then logs in as the imported user and exercises full realm-admin control. …
Remediation	No vendor-released patch version was provided in the input, so treat fix status as patch availability to be confirmed via the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-11577 and Bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=2459993, and via the upstream tracker https://github.com/keycloak/keycloak/issues/9387 - apply the fixed build for your specific product (Red Hat Build of Keycloak, RH-SSO 7, JBoss EAP 8, EAP Expansion Pack, or Data Grid 8) as soon as it is published. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: identify all affected deployments, restrict network access to the /partialImport endpoint, and enable comprehensive audit logging. …

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

EUVD-2026-35058 vulnerability details – vuln.today

Back

Keycloak EUVD-2026-35058

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Vendor StatusVendor

Share

External POC / Exploit Code