PT-2026-53862 · Red Hat · Red Hat Build Of Keycloak
Published
2026-06-30
·
Updated
2026-06-30
·
CVE-2026-4629
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |
A flaw was found in Keycloak. A highly privileged user with
manage-clients permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the realm-admin role into generated tokens, resulting in privilege escalation and full administrative access to the realm.Fix
Incorrect Privilege Assignment
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Build Of Keycloak