CVE-2026-11577

Name of the Vulnerable Software and Affected Versions Keycloak (affected versions not specified)

Description An improper access control flaw exists where a limited administrator can bypass Fine-Grained Admin Permissions (FGAP), which are detailed permissions that restrict administrative actions to specific resources. By utilizing the 'POST /admin/realms/{realm}/partialImport' endpoint, an attacker can escalate their privileges to a full realm administrator by importing users with realm-admin role mappings.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.