Zero Day MonitorZDM

← Back to list

8.1

CVE-2026-9800EXPLOITEDPATCHED

red hat · keycloak

Keycloak: keycloak policy enforcer: authorization bypass via incorrect uri comparison

Description

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-denied page path within a request URL, either as a path segment or a query parameter, an attacker can gain unauthorized access to protected resources.

Affected Products

Vendor	Product	Versions
red hat	keycloak	—

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
open source	open source keycloak	cert_advisory	90%

References

https://access.redhat.com/errata/RHSA-2026:30049(vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2026:30050(vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2026:30083(vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/errata/RHSA-2026:30084(vendor-advisory, x_refsource_REDHAT)
https://access.redhat.com/security/cve/CVE-2026-9800(vdb-entry, x_refsource_REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=2482472(issue-tracking, x_refsource_REDHAT)

Related News (2 articles)

Tier B

BSI Advisories1d ago

[NEU] [hoch] Keycloak: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB2d ago

CVE-2026-9800 | Keycloak on Red Hat Query Parameter comparison using wrong factors

→ No new info (linked only)

CVSS 3.18.1 NONE

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

26.6-826.6.4-2

CWECWE-1025

PublishedJun 25, 2026

Last enriched2d agov2

Trending Score45

Source articles2

Independent2

Info Completeness6/14

Missing: versions, cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

NONECVE-2026-9086EXP

Keycloak: keycloak: cross-site scripting (xss) via case-insensitive uri validation bypass

NONECVE-2026-9083EXP

Keycloak: keycloak: information disclosure through arbitrary filesystem path probing

CRITICALCVE-2026-12992EXP

Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation

HIGHCVE-2026-12993EXP

Apicurio/apicurio-registry: apicurio-registry: xml entity-expansion denial of service via internal dtd subset

NONECVE-2026-13325EXP

Virt-handler-rhel9: kubevirt: kubevirt: disabletls migration setting removes authentication, exposing unauthenticated virtqemud proxy on all interfaces

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 25, 2026

Discovered by ZDM

Jun 25, 2026

Updated: description, severity, activelyExploited

Jun 25, 2026

Actively Exploited

Jun 26, 2026

Patch Available

Jun 26, 2026

Version History

v2

Last enriched 2d ago

v2Tier C2d ago

Updated description with new details, changed severity to CRITICAL, and marked as actively exploited.

descriptionseverityactivelyExploited

via VulDB

v12d ago

Initial creation