Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3224 articles · 170285 vulns · 37/41 feeds (7d)
← Back to list
6.5
CVE-2026-12388EXPLOITED
red hat · keycloak

Keycloak-broker: keycloak: privilege escalation to realm administrator via improper authorization in identity provider mapper

Description

A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role" mapper that assigns high-level administrative roles (like realm-admin) to themselves or others. This allows a restricted administrator to bypass security checks and gain full control over the entire realm.

Affected Products

VendorProductVersions
red hatkeycloak—

References

  • https://access.redhat.com/security/cve/CVE-2026-12388(vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2489140(issue-tracking, x_refsource_REDHAT)

Related News (2 articles)

Tier B
BSI Advisories2d ago
[NEU] [UNGEPATCHT] [mittel] Keycloak: Mehrere Schwachstellen
→ No new info (linked only)
Tier C
VulDB2d ago
CVE-2026-12388 | Keycloak on Red Hat privileges assignment
→ No new info (linked only)
CVSS 3.16.5 NONE
CISA KEV❌ No
Actively exploited✅ Yes
CWECWE-266
PublishedJun 30, 2026
Last enriched2d agov2
Tags
authentication bypassinformation disclosureprivilege escalation
Trending Score35
Source articles2
Independent2
Info Completeness6/14
Missing: versions, cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

NONECVE-2026-14258EXP
Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router advertisement handling
Trending: 58
HIGHCVE-2026-55628EXP
ImageMagick: Policy Bypass in concatenate operation due to missing checks
Trending: 52
HIGHCVE-2026-12505EXP
Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall
Trending: 39
NONECVE-2026-54369EXP
acl < 2.4.0 Symlink Traversal Privilege Escalation via libacl Functions
Trending: 36
NONECVE-2026-58013EXP
Glib: buffer over-read in glib/giochannel.c via "g_io_channel_read_line_backend"
Trending: 35

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jun 30, 2026
Discovered by ZDM
Jun 30, 2026
Updated: description, severity, activelyExploited
Jun 30, 2026
Actively Exploited
Jun 30, 2026

Version History

v2
Last enriched 2d ago
v2Tier C2d ago

Updated description with new details, changed severity to HIGH, and marked as actively exploited.

descriptionseverityactivelyExploited
via VulDB
v12d ago

Initial creation