CVE-2026-9799: Authorization Bypass Through User-Controlled Key in Red Hat Red Hat Build of Keycloak
CVE-2026-9799 is a medium-severity vulnerability in Red Hat Build of Keycloak where an authenticated user with a User-Managed Access (UMA) permission ticket for one resource can bypass per-resource access controls. This occurs when the resource server is configured in PERMISSIVE policy enforcement mode and affects typed resources with ownerManagedAccess enabled without explicit policies protecting the resource type. Exploitation allows unauthorized access to all resources of that type within the same resource server, potentially leading to information disclosure or modification.
AI Analysis
Technical Summary
This vulnerability arises from a flaw in the org.keycloak.authorization component of Red Hat Build of Keycloak. An authenticated user granted a UMA permission ticket for a specific resource can exploit a crafted permission request prefix to bypass access controls that are intended to restrict access on a per-resource basis. The bypass is possible only if the resource server is in PERMISSIVE policy enforcement mode and the resource type is ownerManagedAccess enabled without explicit policies. The result is unauthorized access to all resources of that type on the resource server, even without tickets for those resources.
Potential Impact
The vulnerability allows unauthorized information disclosure and modification of resources within the affected resource server. The attacker must be authenticated and have a UMA permission ticket for at least one resource. The scope of unauthorized access extends to all resources of the same type on the resource server under the specified configuration conditions. There is no indication of availability impact. The CVSS 3.1 base score is 4.6 (medium), reflecting low complexity and privileges required but limited impact scope.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://access.redhat.com/security/cve/CVE-2026-9799 for current remediation guidance. Since the vulnerability requires the resource server to be in PERMISSIVE policy enforcement mode and specific configuration conditions, a temporary mitigation could be to avoid using PERMISSIVE mode or ensure explicit policies protect resource types with ownerManagedAccess enabled. Follow Red Hat's official advisory for updates and patches.
CVE-2026-9799: Authorization Bypass Through User-Controlled Key in Red Hat Red Hat Build of Keycloak
Description
CVE-2026-9799 is a medium-severity vulnerability in Red Hat Build of Keycloak where an authenticated user with a User-Managed Access (UMA) permission ticket for one resource can bypass per-resource access controls. This occurs when the resource server is configured in PERMISSIVE policy enforcement mode and affects typed resources with ownerManagedAccess enabled without explicit policies protecting the resource type. Exploitation allows unauthorized access to all resources of that type within the same resource server, potentially leading to information disclosure or modification.
CVSS v3.1
Score 4.6medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from a flaw in the org.keycloak.authorization component of Red Hat Build of Keycloak. An authenticated user granted a UMA permission ticket for a specific resource can exploit a crafted permission request prefix to bypass access controls that are intended to restrict access on a per-resource basis. The bypass is possible only if the resource server is in PERMISSIVE policy enforcement mode and the resource type is ownerManagedAccess enabled without explicit policies. The result is unauthorized access to all resources of that type on the resource server, even without tickets for those resources.
Potential Impact
The vulnerability allows unauthorized information disclosure and modification of resources within the affected resource server. The attacker must be authenticated and have a UMA permission ticket for at least one resource. The scope of unauthorized access extends to all resources of the same type on the resource server under the specified configuration conditions. There is no indication of availability impact. The CVSS 3.1 base score is 4.6 (medium), reflecting low complexity and privileges required but limited impact scope.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://access.redhat.com/security/cve/CVE-2026-9799 for current remediation guidance. Since the vulnerability requires the resource server to be in PERMISSIVE policy enforcement mode and specific configuration conditions, a temporary mitigation could be to avoid using PERMISSIVE mode or ensure explicit policies protect resource types with ownerManagedAccess enabled. Follow Red Hat's official advisory for updates and patches.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-05-28T03:53:25.960Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-9799","vendor":"Red Hat"}]
Threat ID: 6a3d5b514853345fc13372d9
Added to database: 06/25/2026, 16:46:09 UTC
Last enriched: 06/25/2026, 17:01:45 UTC
Last updated: 06/25/2026, 17:01:45 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.