HIGH 7.3
GHSA-32h4-44jj-c5vx
Keycloak has privilege escalation via improper scope mapping enforcement
Details
### Description A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security controls, allowing the injected role to be projected into a user's authentication token when they access the modified client. This could lead to unauthorized privilege escalation within the Keycloak realm.
Are you affected?
Enter the version of the package you're using.
Affected packages
Maven / org.keycloak:keycloak-services
Introduced in:
0 Fixed in: 26.6.4 Fix
# pom.xml: bump <version>26.6.4</version> for org.keycloak:keycloak-services References
- https://github.com/keycloak/keycloak/security/advisories/GHSA-32h4-44jj-c5vx [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2026-9795 [ADVISORY]
- https://github.com/keycloak/keycloak/issues/50350 [WEB]
- https://github.com/keycloak/keycloak/pull/50451 [WEB]
- https://github.com/keycloak/keycloak/commit/8894c027e788904c740ff9a1a60fcfaa34a10d13 [WEB]
- https://access.redhat.com/errata/RHSA-2026:30049 [WEB]
- https://access.redhat.com/errata/RHSA-2026:30050 [WEB]
- https://access.redhat.com/errata/RHSA-2026:30083 [WEB]
- https://access.redhat.com/errata/RHSA-2026:30084 [WEB]
- https://access.redhat.com/security/cve/CVE-2026-9795 [WEB]
- https://bugzilla.redhat.com/show_bug.cgi?id=2482462 [WEB]
- https://github.com/keycloak/keycloak [PACKAGE]
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-9795.json [WEB]