PatchSiren cyber security CVE debrief
CVE-2026-11577 Red Hat CVE debrief
A flaw was found in Keycloak: the POST /admin/realms/{realm}/partialImport endpoint enforces access control improperly, which allows a limited administrator to bypass Fine-Grained Admin Permissions (FGAP) and escalate to full realm administrator by importing users that carry realm-admin role mappings.
- Vendor: Red Hat
- Product: Red Hat Build of Keycloak
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-09
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-09
Who should care
Administrators of Keycloak deployments, especially those that delegate limited administrator roles through Fine-Grained Admin Permissions, should be aware of this vulnerability and take the mitigation steps listed below.
Technical summary
The vulnerability has a CVSS score of 7.2 and is classified as HIGH severity. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H: it is reachable over the network, needs no user interaction, and requires high privileges (an existing limited administrator account), with high impact on confidentiality, integrity, and availability. The associated weakness is CWE-863 (Incorrect Authorization).
Defensive priority
HIGH
Recommended defensive actions
- Apply the patches or updates provided by the vendor that fix the vulnerability.
- Restrict access to the POST /admin/realms/{realm}/partialImport endpoint to trusted, fully privileged administrators only.
- Monitor and audit administrator activity, in particular partial-import requests and newly created users that receive realm-admin role mappings, to detect potential exploitation attempts.
Evidence notes
The vendor is Red Hat, and the product is Keycloak. The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information can be found at [ref-4], [ref-5], and [ref-6].
Official resources
CVE-2026-11577 was published on 2026-06-08T13:16:32.943Z and modified on 2026-06-09T20:16:32.000Z.