CVE-2026-3121

Medium CVSS: 6.5

A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within the realm. This privilege escalation can occur when admin permissions are enabled at the realm level.

Vendor

Redhat

Product

Build Of Keycloak

CWE

CWE-266

Yayın Tarihi

2026-03-26 19:17:06

Güncelleme

2026-04-02 14:16:31

Source Identifier

secalert@redhat.com

KEV Date Added

Kategoriler

CWE-266 Build Of Keycloak MEDIUM Redhat 2026

Referanslar

https://access.redhat.com/errata/RHSA-2026:6477 https://access.redhat.com/errata/RHSA-2026:6478 https://access.redhat.com/security/cve/CVE-2026-3121 https://bugzilla.redhat.com/show_bug.cgi?id=2442277

Benzer Kayıtlar

High

CVE-2026-28369

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more…

High

CVE-2026-28368

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where…

Medium

CVE-2026-3190

A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to…

Low

CVE-2026-4874

A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating t…

Low

CVE-2026-4633

A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login…

Medium

CVE-2026-4628

A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_…