Authorization Policy Bypass in Keycloak Policy Enforcer by Red Hat
CVE-2026-9800
8.1HIGH
What is CVE-2026-9800?
A flaw in Keycloak's Policy Enforcer enables authenticated users to bypass crucial authorization policies, circumventing controls such as role, scope, and User-Managed Access (UMA) permissions. This vulnerability is exploited by appending the designated access-denied page path within a request URL, either as a segment or a query parameter. Consequently, this allows attackers to gain unauthorized access to sensitive resources, highlighting a significant risk for applications utilizing Keycloak for authentication and authorization.
References
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank Bas Levering for reporting this issue.