CVE-2026-3121

Name of the Vulnerable Software and Affected Versions Keycloak (affected versions not specified)

Description A flaw exists in Keycloak where an administrator possessing manage-clients permission can exploit a misconfiguration. This misconfiguration arises when the manage-clients permission is equivalent to manage-permissions, enabling the administrator to escalate privileges. This privilege escalation allows gaining control over roles, users, or other administrative functions within the realm. The issue occurs when administrator permissions are enabled at the realm level. The vulnerable permission is manage-clients.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.