Keycloak: keycloak: privilege escalation via improper scope mapping enforcement
A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security controls, allowing the injected role to be projected into a user's authentication token when they access the modified client. This could lead to unauthorized privilege escalation within the Keycloak realm.
AV:NAttack VectorAC:HAttack ComplexityPR:HPrivileges RequiredUI:RUser InteractionS:CScopeC:HConfidentialityI:HIntegrityA:NAvailabilityGet the full picture for CVE-2026-9795 and every CVE in our database. Create a free account — no credit card required.
Create Free Account