Zero Day Monitor (ZDM) © 2026
CVE-2026-9793 · EXPLOITED · CVSS 7.5
Red Hat · Keycloak

Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing

Description

A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leading to a compromise of data integrity within the OpenID Connect (OIDC) authorization flow. While a redirect URI allowlist acts as a compensating control, this vulnerability violates OIDC Core and Financial-grade API (FAPI) signing requirements.
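The description contrasts two things a server can find inside a decrypted JWE request object: a nested, signed JWS, or raw JSON carrying unsigned claims. The following is an added illustration of the policy gate a defender expects at that point; it is not Keycloak's code and is not derived from the fix. It assumes a hypothetical `require_signed` policy flag, a constructed HS256 shared key (`DEMO_KEY`) so that it runs offline, and constructed sample claims (`DEMO_CLAIMS`); a real deployment verifies the client's registered asymmetric keys instead of a shared secret. The point it shows is that raw JSON must be rejected whenever the signature policy requires a signed object, and that a nested JWS is only accepted after both its `alg` and its signature pass.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo values (assumptions for this example, not from the advisory).
DEMO_KEY = b"constructed-demo-key"
DEMO_CLAIMS = {"client_id": "demo", "redirect_uri": "https://app.example/cb"}
# What the JWE plaintext looks like in the "raw JSON" case the description warns about.
RAW_JSON_PLAINTEXT = json.dumps(DEMO_CLAIMS).encode()


class RequestObjectPolicyError(Exception):
    """Raised when the decrypted request object violates the signing policy."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_request_object(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Build a compact JWS for the demo (HS256 or 'none' only; not a general JOSE library)."""
    header = _b64url(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode()
    if alg == "HS256":
        sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    elif alg == "none":
        sig = b""  # produced only so the policy check below can be shown rejecting it
    else:
        raise ValueError("unsupported alg in demo signer")
    return f"{header}.{payload}.{_b64url(sig)}"


def classify_plaintext(plaintext: bytes) -> str:
    """Return 'json' for a raw JSON object, 'jws' for compact JWS (three dot-separated parts), else 'unknown'."""
    text = plaintext.decode("utf-8").strip()
    if text.startswith("{"):
        return "json"
    if text.count(".") == 2:
        return "jws"
    return "unknown"


def accept_request_object(plaintext: bytes, require_signed: bool, key: bytes,
                          allowed_algs: frozenset = frozenset({"HS256"})) -> dict:
    """Apply the signing policy to a decrypted JWE payload and return the claims if it passes."""
    kind = classify_plaintext(plaintext)
    if kind == "json":
        # This is the branch the advisory is about: unsigned claims must not
        # slip through when the policy says request objects have to be signed.
        if require_signed:
            raise RequestObjectPolicyError("raw JSON inside JWE, but policy requires a signed request object")
        return json.loads(plaintext)
    if kind != "jws":
        raise RequestObjectPolicyError("unrecognised request object format")
    header_b64, payload_b64, sig_b64 = plaintext.decode("utf-8").strip().split(".")
    header = json.loads(_b64url_decode(header_b64))
    alg = header.get("alg")
    if alg not in allowed_algs:  # rejects "none" and any algorithm not configured
        raise RequestObjectPolicyError(f"alg {alg!r} not permitted by policy")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise RequestObjectPolicyError("signature verification failed")
    return json.loads(_b64url_decode(payload_b64))


def policy_outcome(plaintext: bytes, require_signed: bool, key: bytes = DEMO_KEY) -> str:
    """Convenience wrapper: 'accepted' or 'rejected: <reason>'."""
    try:
        accept_request_object(plaintext, require_signed, key)
        return "accepted"
    except RequestObjectPolicyError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    signed = sign_request_object(DEMO_CLAIMS, DEMO_KEY).encode()
    print("signed JWS, policy=signed  :", policy_outcome(signed, True))
    print("raw JSON,   policy=signed  :", policy_outcome(RAW_JSON_PLAINTEXT, True))
    print("raw JSON,   policy=unsigned:", policy_outcome(RAW_JSON_PLAINTEXT, False))
    print("alg=none,   policy=signed  :", policy_outcome(sign_request_object(DEMO_CLAIMS, DEMO_KEY, "none").encode(), True))
```

The `require_signed=False` path exists only to show what the lenient configuration accepts; under OIDC Core and FAPI signing requirements a deployment that needs request objects signed should never reach the `json.loads` branch, which is exactly the control the advisory says was bypassed.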

Affected Products

Vendor    Product    Versions
Red Hat   Keycloak   —

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor        Product                Source          Confidence
open source   open source keycloak   cert_advisory   90%

References

  • https://access.redhat.com/security/cve/CVE-2026-9793 (vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2482460 (issue-tracking, x_refsource_REDHAT)

Related News (3 articles)

Tier B · BSI Advisories · 5h ago
[UPDATE] [medium] Red Hat Single Sign On: Vulnerability allows bypassing security measures
→ No new info (linked only)
Tier B · BSI Advisories · 11d ago
[NEW] [UNPATCHED] [medium] Keycloak: Multiple vulnerabilities
→ No new info (linked only)
Tier C · VulDB · 11d ago
CVE-2026-9793 | Keycloak on Red Hat signature verification
→ No new info (linked only)
CVSS 3.1: 7.5 (NONE)
CISA KEV: No
Actively exploited: Yes
CWE: CWE-347
Published: May 28, 2026
Last enriched: 11d ago (v2)
Trending Score: 51
Source articles: 3
Independent: 2
Info Completeness: 7/14
Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

HIGH · CVE-2026-11332 · EXP
Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution
Trending: 66
NONE · CVE-2026-10533 · EXP
Openshift: openshift: non-admin user can bypass resourcequota and flood etcd with events causing cluster-wide api degradation
Trending: 52
LOW · PRE-CVE · EXP
Information Disclosure Vulnerability in Ansible
Trending: 41
NONE · CVE-2026-3238 · EXP
Samba: denial of service against ad dc wins server
Trending: 39
NONE · CVE-2026-43958
Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service
Trending: 32

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: May 28, 2026
Discovered by ZDM: May 28, 2026
Updated (severity, cvssEstimate, activelyExploited): May 28, 2026
Actively Exploited: May 30, 2026

Version History

Current version: v2 (last enriched 11d ago)

v2 · Tier C · 11d ago
Updated severity to HIGH, added CVSS estimate of 7.5, and marked the vulnerability as actively exploited.
Fields changed: severity, cvssEstimate, activelyExploited
via VulDB

v1 · 11d ago
Initial creation