PT-2026-27067 · Red Hat · Keycloak
Osidb Bzimport
·
Published
2026-03-23
·
Updated
2026-03-23
·
CVE-2026-4628
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Keycloak (affected versions not specified)
Description
An improper Access Control issue exists in Keycloak’s User-Managed Access (UMA) resource set endpoint. Attackers possessing valid credentials can circumvent the
allowRemoteResourceManagement=false restriction due to insufficient enforcement of access control checks during PUT operations to the resource set endpoint. This allows unauthorized modification of protected resources, potentially compromising data integrity. The affected API endpoint is the resource set endpoint.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Keycloak