Token Replay Vulnerability in Keycloak by Red Hat
CVE-2026-9802

6.8MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Build Of Keycloak
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-9802?

A vulnerability exists in Keycloak that could allow remote attackers to exploit a flaw related to refresh token management. When the revokeRefreshToken option is enabled alongside persistent session storage, a server restart may disrupt internal timing mechanisms. This situation enables attackers who have previously intercepted a user's refresh token to replay it, even after the token has been invalidated. Successful exploitation can provide unauthorized account access, leading to potential information disclosure or privilege escalation risks for affected users.

References

https://access.redhat.com/security/cve/CVE-2026-9802

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2482467

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 28, 2026

Credit

Red Hat would like to thank Gyeongpyo Son for reporting this issue.

CVE-2026-9802 Data

JSON