Vulnerability Details CVE-2026-4636
A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned resource. Consequently, the attacker gains unauthorized permissions to victim-owned resources, enabling them to obtain a Requesting Party Token (RPT) and access sensitive information or perform unauthorized actions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.6%
CVSS Severity
CVSS v3 Score 8.1
References
Products affected by CVE-2026-4636
-
cpe:2.3:a:redhat:build_of_keycloak:-
-
cpe:2.3:a:redhat:build_of_keycloak:26.2
-
cpe:2.3:a:redhat:build_of_keycloak:26.2.15
-
cpe:2.3:a:redhat:build_of_keycloak:26.4
-
cpe:2.3:a:redhat:build_of_keycloak:26.4.11