JWT Algorithm Confusion in Keycloak Affects User Access Control
CVE-2026-11800

8.1 HIGH

What is CVE-2026-11800?

A flaw has been identified in Keycloak that allows attackers with valid client credentials to exploit a weakness in the JWT Authorization Grant flow. This vulnerability permits an attacker to bypass signature verification and forge access tokens. Consequently, the attacker can impersonate any federated user associated with the compromised Identity Provider, resulting in unauthorized access and the potential for privilege escalation.
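The advisory does not detail the exact verification path involved, so the following is an added, generic illustration of the JWT algorithm-confusion pitfall named in the title; it is not Keycloak code and does not reproduce this CVE. It places a verifier that lets the token's own header pick the algorithm beside one that pins the algorithm from the verifier's configuration, which is the check a resource server or identity broker should apply to any inbound assertion. The secret, claims and helper names are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

# Constructed HMAC secret for this illustration only (not a real key).
DEMO_SECRET = b"constructed-demo-hmac-secret"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT strips base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_bytes(obj: dict) -> bytes:
    # Canonical encoding so the same header/claims always produce the same segments.
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode("utf-8")


def _segments(header: dict, claims: dict) -> tuple:
    return _b64url_encode(_json_bytes(header)), _b64url_encode(_json_bytes(claims))


def encode_token(header: dict, claims: dict, signature: bytes) -> str:
    """Assemble header.payload.signature; the signature may be empty (alg 'none')."""
    h, p = _segments(header, claims)
    return f"{h}.{p}.{_b64url_encode(signature)}"


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Issue a properly signed HS256 token (stands in for the identity provider)."""
    header = {"alg": "HS256", "typ": "JWT"}
    h, p = _segments(header, claims)
    sig = hmac.new(secret, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    return f"{h}.{p}.{_b64url_encode(sig)}"


def _hs256_ok(h: str, p: str, s: str, secret: bytes) -> bool:
    expected = hmac.new(secret, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(expected, _b64url_decode(s))


def verify_trusting_header(token: str, secret: bytes) -> dict:
    """Anti-pattern: the token's header decides how the token is verified.

    Honouring 'none' means an unsigned token is accepted as-is, so the
    signature check the deployment relies on never runs.
    """
    h, p, s = token.split(".")
    alg = json.loads(_b64url_decode(h)).get("alg")
    if alg == "none":
        ok = True
    elif alg == "HS256":
        ok = _hs256_ok(h, p, s, secret)
    else:
        raise ValueError(f"unsupported alg {alg!r}")
    if not ok:
        raise ValueError("signature check failed")
    return json.loads(_b64url_decode(p))


def verify_strict(token: str, secret: bytes, expected_alg: str = "HS256") -> dict:
    """Hardened: the verifier's configuration fixes the algorithm and key.

    The header must agree with that configuration; anything else, including
    'none' or a different algorithm family, is rejected before any crypto runs.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != expected_alg:
        raise ValueError(f"header alg {header.get('alg')!r} != configured {expected_alg!r}")
    if expected_alg != "HS256":
        raise ValueError("only HS256 is configured in this demo")
    if not _hs256_ok(h, p, s, secret):
        raise ValueError("signature check failed")
    return json.loads(_b64url_decode(p))


def accepted(verifier, token: str, secret: bytes) -> bool:
    """True if the verifier returns claims, False if it rejects the token."""
    try:
        verifier(token, secret)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    good = sign_hs256({"sub": "alice", "iss": "constructed-idp"}, DEMO_SECRET)
    unsigned = encode_token({"alg": "none", "typ": "JWT"}, {"sub": "bob"}, b"")
    for name, verifier in (("trusting-header", verify_trusting_header), ("strict", verify_strict)):
        print(name, "signed:", accepted(verifier, good, DEMO_SECRET),
              "unsigned:", accepted(verifier, unsigned, DEMO_SECRET))
```

The point of the strict variant is that the accepted algorithm, and the key material for it, come from the verifier's configuration for that issuer, never from the token; a real deployment would also check `iss`, `aud` and expiry, which are omitted here for brevity.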

Affected Version(s)

Red Hat build of Keycloak 26.6 26.6.4-2

Red Hat build of Keycloak 26.6 26.6-8

References

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Bilal Teke for reporting this issue.