Privilege Escalation Vulnerability in Keycloak by Red Hat
CVE-2026-9704

6.8 MEDIUM

Key Information:

Vendor: Red Hat

CVE Published: 27 May 2026

What is CVE-2026-9704?

A vulnerability exists in Keycloak that allows an authenticated user with limited privileges to escalate their privileges. It is triggered when the user sends a JSON Web Token (JWT) that exceeds the 4000-character limit to the TokenEndpoint. Because the oversized token is not processed correctly, the system falls back to using the client credentials, inadvertently granting the user the permissions associated with the client's service account. This flaw poses a significant risk of unauthorized access and should be addressed promptly.

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
  • Vulnerability reserved

Credit

Red Hat would like to thank Filip Jovanov (PegasusMKD) for reporting this issue.