Privilege Escalation Vulnerability in Keycloak by Red Hat
CVE-2026-9796

6.5 MEDIUM

Key Information:

Vendor: Red Hat

CVE Published: 28 May 2026

What is CVE-2026-9796?

A time-of-check to time-of-use (TOCTOU) vulnerability exists in Keycloak that allows an authenticated administrator holding the manage-clients role to exploit name-based admin role checks. The flaw lets the attacker escalate their privileges to realm-admin, giving them full control over every user in the realm. Notably, the composite role relationship created this way stays in effect even if the attacker's own permissions are later revoked, and it persists across system reboots, which poses a significant risk for affected installations.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published: 28 May 2026

  • Vulnerability reserved

Credit

Red Hat would like to thank Daniel Peters (Operating Intelligence Inc.), Lior Moshe (Operating Intelligence Inc.), and Uri Rolls (Operating Intelligence Inc.) for reporting this issue.