Red Hat · Keycloak · CVE-2026-9795
**Name of the Vulnerable Software and Affected Versions**
Keycloak (affected versions not specified)
**Description**
A flaw exists in the Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can assign any realm role, including highly privileged ones, to a client's scope mapping. This bypasses security controls, allowing the injected role to be included in a user's authentication token during client access, which can lead to unauthorized privilege escalation within the realm.
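As an added defender-side example, not code from the advisory or the Keycloak project: a Python check over Keycloak admin-event records that flags any watched realm role being added to a client's scope mapping by an actor who is not a full realm administrator, which is the change the flaw described above lets a limited client administrator make. The event field names, the CLIENT_SCOPE_MAPPING resource type, the resourcePath shape, the watch list and the trusted-admin set are assumptions to adapt to your deployment; the sample event lines are constructed.

```python
import json

# Constructed watch list of realm roles whose grant to a client's scope mapping
# should always be reviewed. Assumption: adjust to your realm's privileged roles.
PRIVILEGED_REALM_ROLES = {"admin", "create-realm"}

# Assumption: user IDs of administrators who legitimately hold full realm
# management rights; any other actor granting a watched role is flagged.
TRUSTED_ADMIN_IDS = {"u-full-admin"}


def privileged_roles_granted(event, watched=PRIVILEGED_REALM_ROLES):
    """Return the watched realm roles that one admin event added to a client.
    Assumption: a CREATE event with resourceType CLIENT_SCOPE_MAPPING, a
    resourcePath ending in /scope-mappings/realm, and a representation that
    is a JSON list of role representations (each with a "name").
    """
    if (event.get("operationType") != "CREATE"
            or event.get("resourceType") != "CLIENT_SCOPE_MAPPING"
            or not event.get("resourcePath", "").endswith("/scope-mappings/realm")):
        return set()
    rep = event.get("representation")
    try:
        roles = json.loads(rep) if isinstance(rep, str) else (rep or [])
    except json.JSONDecodeError:
        return set()
    return {r.get("name") for r in roles} & watched


def find_suspicious_grants(lines, trusted=TRUSTED_ADMIN_IDS):
    """Flag watched-role grants made by any actor outside the trusted set."""
    flagged = []
    for line in lines:
        if not line.strip():
            continue
        event = json.loads(line)
        granted = privileged_roles_granted(event)
        actor = event.get("authDetails", {}).get("userId")
        if granted and actor not in trusted:
            client_id = event["resourcePath"].split("/")[1]
            flagged.append({"time": event.get("time"), "actor": actor,
                            "client": client_id, "roles": sorted(granted)})
    return flagged


# Constructed sample admin-event lines (not real Keycloak output).
SAMPLE_EVENTS = [
    '{"time": 1, "operationType": "CREATE", "resourceType": "CLIENT_SCOPE_MAPPING", "resourcePath": "clients/c-1/scope-mappings/realm", "authDetails": {"userId": "u-full-admin"}, "representation": "[{\\"name\\": \\"admin\\"}]"}',
    '{"time": 2, "operationType": "CREATE", "resourceType": "CLIENT_SCOPE_MAPPING", "resourcePath": "clients/c-2/scope-mappings/realm", "authDetails": {"userId": "u-client-admin"}, "representation": "[{\\"name\\": \\"viewer\\"}]"}',
    '{"time": 3, "operationType": "CREATE", "resourceType": "CLIENT_SCOPE_MAPPING", "resourcePath": "clients/c-2/scope-mappings/realm", "authDetails": {"userId": "u-client-admin"}, "representation": "[{\\"name\\": \\"admin\\"}]"}',
]
```

Only the third sample line is reported: a trusted administrator granting a watched role and a limited administrator granting an unwatched role both pass, while a limited administrator granting `admin` is flagged with the client and roles involved.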
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.