Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3245 articles · 170299 vulns · 37/41 feeds (7d)
← Back to list
6.5
CVE-2026-12388EXPLOITED
red hat · keycloak

Keycloak-broker: keycloak: privilege escalation to realm administrator via improper authorization in identity provider mapper

Description

A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role" mapper that assigns high-level administrative roles (like realm-admin) to themselves or others. This allows a restricted administrator to bypass security checks and gain full control over the entire realm.

Affected Products

VendorProductVersions
red hatkeycloak—

References

  • https://access.redhat.com/security/cve/CVE-2026-12388(vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2489140(issue-tracking, x_refsource_REDHAT)

Related News (2 articles)

Tier B
BSI Advisories2d ago
[NEU] [UNGEPATCHT] [mittel] Keycloak: Mehrere Schwachstellen
→ No new info (linked only)
Tier C
VulDB3d ago
CVE-2026-12388 | Keycloak on Red Hat privileges assignment
→ No new info (linked only)
CVSS 3.16.5 NONE
CISA KEV❌ No
Actively exploited✅ Yes
CWECWE-266
PublishedJun 30, 2026
Last enriched2d agov2
Tags
authentication bypassinformation disclosureprivilege escalation
Trending Score35
Source articles2
Independent2
Info Completeness6/14
Missing: versions, cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

NONECVE-2026-14258EXP
Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router advertisement handling
Trending: 58
HIGHCVE-2026-55628EXP
ImageMagick: Policy Bypass in concatenate operation due to missing checks
Trending: 51
CRITICALCVE-2026-14544EXP
Hplip: incomplete fix for cve-2026-8631
Trending: 50
HIGHCVE-2026-12505EXP
Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall
Trending: 39
NONECVE-2026-54369EXP
acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions
Trending: 36

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jun 30, 2026
Discovered by ZDM
Jun 30, 2026
Updated: description, severity, activelyExploited
Jun 30, 2026
Actively Exploited
Jun 30, 2026

Version History

v2
Last enriched 2d ago
v2Tier C3d ago

Updated description with new details, changed severity to HIGH, and marked as actively exploited.

descriptionseverityactivelyExploited
via VulDB
v13d ago

Initial creation