PatchSiren cyber security CVE debrief

CVE-2026-9799 Red Hat CVE debrief

CVE-2026-9799 is a vulnerability in Red Hat build of Keycloak. An authenticated user who holds a granted User-Managed Access (UMA) permission ticket for one resource can bypass per-resource access control and reach every resource of the same type within the same resource server, including resources for which no ticket was ever issued. The flaw is only reachable when the resource server is configured in PERMISSIVE policy enforcement mode, and it only affects typed resources with ownerManagedAccess enabled for which no explicit policy protects the resource type. The consequence is unauthorized disclosure or modification of those resources. Administrators should check whether they run the affected versions 26.4 and 26.6 and apply patches or mitigations as they become available.

Vendor
Redhat
Product
Build Of Keycloak
CVSS
MEDIUM 4.6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-25
Original CVE updated
2026-07-01
Advisory published
2026-06-25
Advisory updated
2026-07-01

Who should care

Administrators of Red Hat build of Keycloak should care, in particular those who run a resource server in PERMISSIVE policy enforcement mode and expose typed resources with ownerManagedAccess enabled (the usual setup for UMA-style, user-shared resources). They should confirm whether they run an affected version and apply updates as they become available. Deployments that hold sensitive owner-managed resources or have high-security requirements should also review their authorization configuration and consider compensating controls until patched.

Technical summary

The flaw lies in org.keycloak.authorization. An authenticated user who holds a permission ticket for one resource can use a specific permission request prefix to bypass per-resource access control for the other resources of the same type. Only typed resources with ownerManagedAccess enabled and no explicit policy protecting the type are affected, and only when the resource server runs in PERMISSIVE policy enforcement mode. The CVE carries a CVSS score of 4.6 (MEDIUM). It was published on 2026-06-25T17:17:04.047Z and last modified on 2026-07-01T18:37:39.827Z.

Defensive priority

Severity is MEDIUM (CVSS 4.6): exploitation requires an authenticated user who already holds a valid UMA permission ticket, and only a specific configuration (PERMISSIVE mode plus typed, owner-managed resources with no type-level policy) is exposed. Where that configuration is in use, treat patching as a priority, since one legitimately granted ticket is enough to reach every resource of that type on the resource server.

Recommended defensive actions

  • Check systems for affected versions 26.4 and 26.6
  • Apply patches or updates as available
  • Review each resource server's authorization settings: note the policy enforcement mode and list the typed resources with ownerManagedAccess enabled that have no explicit policy covering their type, since those are the preconditions the advisory names
  • Consider compensating controls for those resource servers until they are patched
  • Monitor resource servers for a single user reaching many owner-managed resources of one type after being granted a ticket for only one of them
  • Update incident response plans
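The configuration review above can be scripted against an export of a client's authorization settings. The script below is an added example, not code from the advisory or from Keycloak; it assumes the structure of Keycloak's authorization-settings export (policyEnforcementMode, resources with type and ownerManagedAccess, and permission entries whose config carries defaultResourceType), and the sample export embedded in it is constructed for the demonstration. It reports the owner-managed resource types that no type-level permission protects, and reports nothing for a resource server that is not in PERMISSIVE mode.

```python
import json

# Constructed sample input (not from the advisory). The layout follows the
# assumed shape of a Keycloak authorization-settings export. The "photo" type
# is owner-managed and has no permission scoped to it; the "invoice" type is
# covered by a permission whose defaultResourceType matches it.
SAMPLE_EXPORT = json.loads(r"""
{
  "policyEnforcementMode": "PERMISSIVE",
  "allowRemoteResourceManagement": true,
  "resources": [
    {"name": "alice-photo-1", "type": "urn:app:resources:photo",
     "ownerManagedAccess": true, "owner": {"id": "alice"}},
    {"name": "bob-photo-2", "type": "urn:app:resources:photo",
     "ownerManagedAccess": true, "owner": {"id": "bob"}},
    {"name": "acme-invoice-7", "type": "urn:app:resources:invoice",
     "ownerManagedAccess": true, "owner": {"id": "acme"}},
    {"name": "Default Resource", "type": "urn:app:resources:default",
     "ownerManagedAccess": false}
  ],
  "policies": [
    {"name": "Only Owner Policy", "type": "user", "logic": "POSITIVE", "config": {}},
    {"name": "Invoice Permission", "type": "resource",
     "config": {"defaultResourceType": "urn:app:resources:invoice",
                "applyPolicies": "[\"Only Owner Policy\"]"}}
  ]
}
""")

# Entries in "policies" with these types are permissions (resource-based or
# scope-based); everything else is a plain policy such as role, user or client.
PERMISSION_TYPES = {"resource", "scope"}


def protected_types(settings):
    """Resource types that some permission targets through defaultResourceType.

    A permission that only names individual resources is deliberately not
    counted: the advisory's precondition is about a policy protecting the type.
    """
    types = set()
    for policy in settings.get("policies", []):
        if policy.get("type") not in PERMISSION_TYPES:
            continue
        rtype = policy.get("config", {}).get("defaultResourceType")
        if rtype:
            types.add(rtype)
    return types


def audit(settings):
    """Map each unprotected owner-managed resource type to its resource names.

    Returns {} when the resource server is not in PERMISSIVE mode, because the
    advisory lists that mode as a precondition for the bypass.
    """
    if settings.get("policyEnforcementMode") != "PERMISSIVE":
        return {}
    covered = protected_types(settings)
    findings = {}
    for res in settings.get("resources", []):
        rtype = res.get("type")
        if not rtype or not res.get("ownerManagedAccess") or rtype in covered:
            continue
        findings.setdefault(rtype, []).append(res["name"])
    return findings


if __name__ == "__main__":
    for rtype, names in audit(SAMPLE_EXPORT).items():
        print(f"type {rtype} has no type-level permission; owner-managed "
              f"resources: {', '.join(names)}")
```

Run it against a real export by replacing SAMPLE_EXPORT with the parsed JSON of the client's authorization settings. A non-empty result means the resource server matches every precondition the advisory names; an empty result only means those preconditions are not all present, not that the installed version is patched.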

Evidence notes

CVE-2026-9799 was reported by Red Hat, and the NVD entry carries a detailed description. The vulnerability affects Red Hat build of Keycloak versions 26.4 and 26.6. Further information and mitigations are available from Red Hat.

This article is AI-assisted and based on the supplied source corpus.