PatchSiren cyber security CVE debrief
CVE-2026-9799 Redhat CVE debrief
CVE-2026-9799 is a vulnerability in Redhat Build Of Keycloak that allows an authenticated user who holds a User-Managed Access (UMA) permission ticket for one resource to bypass per-resource access control. The user can then reach every resource of the same type within the same resource server, even though they hold no ticket for those specific resources. The vulnerability requires the resource server to be configured in PERMISSIVE policy enforcement mode and affects typed resources with ownerManagedAccess enabled where no explicit policy protects the resource type. The primary consequence is unauthorized disclosure or modification of resources. Users should check their systems for the affected versions 26.4 and 26.6, and apply patches or mitigations as available.
- Vendor: Redhat
- Product: Build Of Keycloak
- CVSS: MEDIUM 4.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-25
- Original CVE updated: 2026-07-01
- Advisory published: 2026-06-25
- Advisory updated: 2026-07-01
Who should care
Users of Redhat Build Of Keycloak, particularly those running resource servers in PERMISSIVE policy enforcement mode, should be aware of this vulnerability and take steps to mitigate it: check for affected versions and apply patches or updates as available. Additionally, users with sensitive resources or high-security requirements should review their authorization configurations and consider compensating controls.
Technical summary
The vulnerability is caused by a flaw in org.keycloak.authorization that allows an authenticated user to bypass per-resource access control using a specific permission request prefix. It affects typed resources with ownerManagedAccess enabled and no explicit policy protecting the type. The vulnerability has a CVSS score of 4.6 and a severity of MEDIUM. The CVE was published on 2026-06-25T17:17:04.047Z and modified on 2026-07-01T18:37:39.827Z.
Defensive priority
This vulnerability has a medium severity and requires attention from users of Redhat Build Of Keycloak. Users should prioritize patching or mitigating this vulnerability to prevent unauthorized access to sensitive resources.
Recommended defensive actions
- Check systems for affected versions 26.4 and 26.6
- Apply patches or updates as available
- Review configurations and consider compensating controls
- Monitor authorization logs for UMA permission requests that reach resources the requesting user holds no ticket for
- Update incident response plans
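The conditions named in the technical summary (PERMISSIVE enforcement mode, typed resources with ownerManagedAccess enabled, no explicit policy protecting the type) can be checked mechanically against a client's exported authorization settings. The following audit script is an added example written for this debrief, not code from Redhat, Keycloak or the CVE record. It assumes the field names of Keycloak's "Export settings" JSON (policyEnforcementMode, resources[].type, resources[].ownerManagedAccess, policies[].config.defaultResourceType) and uses a constructed sample export; verify those names against an export from your own deployment before relying on the result.

```python
import json

# Constructed sample in the shape of a Keycloak client "Authorization > Export settings" JSON.
# Field names (policyEnforcementMode, resources[].type, resources[].ownerManagedAccess,
# policies[].config.defaultResourceType) are assumed from Keycloak's export format;
# check them against an export from your own deployment.
SAMPLE_EXPORT = {
    "allowRemoteResourceManagement": True,
    "policyEnforcementMode": "PERMISSIVE",
    "resources": [
        {"name": "Report A", "type": "urn:example:resources:report",
         "ownerManagedAccess": True, "scopes": [{"name": "read"}]},
        {"name": "Report B", "type": "urn:example:resources:report",
         "ownerManagedAccess": True, "scopes": [{"name": "read"}]},
        {"name": "Invoice 1", "type": "urn:example:resources:invoice",
         "ownerManagedAccess": True, "scopes": [{"name": "read"}]},
        {"name": "Landing page", "type": "urn:example:resources:page",
         "ownerManagedAccess": False, "scopes": [{"name": "read"}]},
    ],
    "policies": [
        # A resource-type permission: every resource of this type is covered by "Only owner".
        {"name": "Invoice owners", "type": "resource",
         "config": {"defaultResourceType": "urn:example:resources:invoice",
                    "applyPolicies": "[\"Only owner\"]"}},
        {"name": "Only owner", "type": "js", "config": {}},
    ],
}


def uma_resources_by_type(export):
    """Map each resource type to the names of its resources that have ownerManagedAccess enabled."""
    by_type = {}
    for res in export.get("resources", []):
        rtype = res.get("type")
        if rtype and res.get("ownerManagedAccess"):
            by_type.setdefault(rtype, []).append(res["name"])
    return by_type


def types_with_type_policy(export):
    """Resource types that a resource-type permission (defaultResourceType) explicitly protects."""
    return {
        pol["config"]["defaultResourceType"]
        for pol in export.get("policies", [])
        if pol.get("config", {}).get("defaultResourceType")
    }


def audit(export):
    """Return the enforcement mode plus the UMA resource types that no type-level permission covers.

    Only PERMISSIVE mode is flagged, because that is the precondition stated for CVE-2026-9799.
    """
    mode = export.get("policyEnforcementMode", "ENFORCING")
    report = {"policyEnforcementMode": mode, "unprotected_types": []}
    if mode != "PERMISSIVE":
        return report
    covered = types_with_type_policy(export)
    for rtype, names in uma_resources_by_type(export).items():
        if rtype not in covered:
            report["unprotected_types"].append({"type": rtype, "resources": sorted(names)})
    return report


if __name__ == "__main__":
    # Flags the "report" type: PERMISSIVE mode, UMA enabled, no type-level permission.
    print(json.dumps(audit(SAMPLE_EXPORT), indent=2))
```

Each flagged type is a candidate for a compensating control until the patched version is deployed: either add a resource-type permission that covers it, or move the resource server out of PERMISSIVE mode after confirming that every legitimate access path is backed by a policy.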
Evidence notes
The CVE-2026-9799 vulnerability was reported by Redhat and has a detailed description in the NVD database. The vulnerability affects Redhat Build Of Keycloak versions 26.4 and 26.6. Users can find more information and mitigations on the Redhat website.
Official resources
- CVE-2026-9799 CVE record (CVE.org)
- CVE-2026-9799 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Mitigation or vendor reference: [email protected] - Vendor Advisory
This article is AI-assisted and based on the supplied source corpus.