CVE Catalog

CVE-2026-9800

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile — higher than 22% of all known CVEs

Summary

A flaw in Keycloak Policy Enforcer allows any authenticated user to bypass all authorization policies, including role, scope, and UMA permission checks. By including the configured access-denied page path within a request URL, as a path segment or query parameter, an attacker can gain unauthorized access to protected resources.

Risk Assessment

The risk is complete bypass of access control mechanisms, potentially leading to unauthorized access to sensitive data and system functions, compromising confidentiality and integrity of protected resources.

Recommendation

Immediately update Keycloak to a version containing the fix for CVE-2026-9800 and review the Policy Enforcer configuration to ensure the access-denied page path is not accepted in URL requests.

Original NVD description (English source)

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-denied page path within a request URL, either as a path segment or a query parameter, an attacker can gain unauthorized access to protected resources.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS