PT-2026-22311 · Red Hat · Keycloak

Osidb Bzimport · Published 2026-02-27 · Updated 2026-03-05 · CVE-2026-0871

CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified)

Description: An issue exists in Keycloak where an administrator holding the manage-users permission can circumvent the intended restriction of the "Only administrators can view" setting for unmanaged attributes. The bypass lets such an administrator modify these attributes, potentially leading to unauthorized changes to user profiles despite a configuration designed to make them view-only. The issue is an improper access control weakness; consistent with the CVSS vector (PR:H), it requires an already-privileged administrative account.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE · Incorrect Privilege Assignment · Improper Access Control


Weakness Enumeration

Related Identifiers: CVE-2026-0871, GHSA-V4JW-M6RM-399H

Affected Products: Keycloak