ZeroPath at Black Hat USA 2026

Keycloak CVE-2026-11577: Brief Summary of the partialImport FGAP Bypass Leading to Full Realm Privilege Escalation

A brief summary of CVE-2026-11577, a high severity privilege escalation in Keycloak where a limited administrator can bypass Fine Grained Admin Permissions via the partialImport endpoint to gain full realm admin control. No patch is currently available.

CVE Analysis

10 min read

ZeroPath CVE Analysis
ZeroPath CVE Analysis

2026-06-08

Keycloak CVE-2026-11577: Brief Summary of the partialImport FGAP Bypass Leading to Full Realm Privilege Escalation
Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

[email protected]

Introduction

A limited Keycloak administrator can escalate to full realm administrator with a single API call, bypassing the very permission model designed to prevent exactly that. CVE-2026-11577 targets the POST /admin/realms/{realm}/partialImport endpoint, where a coarse grained authorization check replaces what should be granular FGAP enforcement, allowing an attacker to import users carrying realm-admin role mappings and seize complete control of the realm.

What makes this particularly notable is the timeline: the underlying behavior was reported as GitHub issue #9387 in January 2022 against Keycloak 16.1.0, labeled as a "hardening" concern, and closed as "not planned." Over four years later, it has been reclassified as an exploitable privilege escalation vulnerability with a CVSS score of 7.2. As of the NVD publication date, no patch is available, and the Bugzilla disclosure deadline is set for 2026-07-18.

Keycloak is an open source Identity and Access Management platform maintained by Red Hat, providing SSO, OAuth 2.0/OIDC, user federation, and fine grained administrative permissions. It serves over 6,500 customers globally and holds approximately 1.64% of the IAM market, ranking #8 among IAM vendors according to 6sense. Its widespread adoption across enterprise environments, particularly in the United States (44.07% of deployments) and Germany (12.24%), means this vulnerability has a broad potential blast radius.

Technical Information

Root Cause: A Single Coarse Check Where Granular Enforcement Is Required

The vulnerability resides in the partialImport method within RealmAdminResource.java. When a request arrives at POST /admin/realms/{realm}/partialImport, the method performs a single authorization check: auth.realm().requireManageRealm(). If the calling administrator holds the manage-realm role, this check passes unconditionally.

The problem is what happens next, or rather, what does not happen. The method proceeds to process the entire import payload without performing any per-resource-type FGAP permission checks. Keycloak's Fine Grained Admin Permissions system is designed to scope administrative actions to specific resource types (users, roles, clients, etc.), enforcing the principle of least privilege. An administrator might hold manage-realm but be explicitly denied the ability to manage users or assign roles. The partialImport endpoint ignores all of these granular restrictions.

This is classified as CWE-863 (Incorrect Authorization). The distinction matters: CWE-863 applies when an authorization check is performed but is insufficient, as opposed to CWE-285 (Improper Authorization) where checks are missing entirely. Keycloak does check authorization; it just checks the wrong thing.

Attack Flow

The exploitation path is straightforward and requires no specialized tooling:

Step 1: Obtain limited administrator credentials. The attacker needs access to an account that holds the manage-realm role but is restricted by FGAP policies from managing users or assigning roles. This is a common configuration in organizations that use FGAP to delegate specific administrative tasks.

Step 2: Craft the import payload. The attacker constructs a JSON payload for the partialImport endpoint that defines a user (either a new account or an existing one) with realm-admin role mappings included in the user definition.

Step 3: Send the request. A single POST request to /admin/realms/{realm}/partialImport with the crafted payload is all that is needed.

Step 4: Authorization bypass occurs. The endpoint evaluates requireManageRealm(), which passes because the attacker holds manage-realm. No FGAP checks are performed on the imported user's role mappings.

Step 5: Privilege escalation is complete. The imported user now holds realm-admin privileges. If the attacker imported their own account with these mappings, they now have full administrative control over the realm, including access to all user data, authentication configurations, client secrets, and identity flows.

AttributeDetail
CVSS Score7.2 (High)
Attack ComplexityLow (single API call)
Privileges RequiredLimited administrator (manage-realm role)
User InteractionNone
EndpointPOST /admin/realms/{realm}/partialImport
CWECWE-863 (Incorrect Authorization)
Verified AgainstKeycloak 26.6.1

The partialImport Endpoint's Troubled History

Beyond this authorization bypass, the partialImport endpoint has a documented history of additional flaws. GitHub issue #36408 reported that the endpoint could remove existing user credentials during import. Issue #15554 documented behavioral inconsistencies between the UI and API calls for partial import. These issues collectively suggest that the endpoint has not received the same level of security scrutiny as other parts of the admin REST API.

Systemic FGAP Weakness Pattern

CVE-2026-11577 is the third distinct FGAP bypass in Keycloak disclosed within approximately a year:

CVE / AdvisoryDescriptionAffected VersionsFix VersionsSeverity
CVE-2026-11577partialImport FGAP bypass leading to realm-admin escalation26.6.1 (verified)Not yet released7.2 (High)
CVE-2025-7784 (GHSA-27gp-8389-hm4w)Admin console role mapping FGAPv2 bypass leading to realm-admin escalation26.2.0 to < 26.2.626.2.6, 26.3.0Moderate
GHSA-83j7-mhw9-388wFGAPv2 Admin PrivEsc (related)FGAPv2 enabled deploymentsSee advisoriesNot specified

The common thread across all three is the org.keycloak:keycloak-services Maven package, which handles authorization decisions in the admin REST API. The pattern suggests an architectural weakness in how FGAP permissions are enforced across different API endpoints rather than isolated implementation bugs.

Affected Systems and Versions

The vulnerability has been verified against Keycloak 26.6.1. Given that the underlying behavior was first reported against Keycloak 16.1.0 in January 2022 and the root cause (a single requireManageRealm() check without per-resource-type FGAP enforcement) has persisted since then, the window of exposure may span all versions from at least 16.1.0 through the current release.

As of 2026-06-08, the following recent Keycloak releases do not address this CVE:

  • Keycloak 26.6.2 (released May 19, 2026)
  • Keycloak 26.5.7 (released April 2, 2026)
  • Keycloak 26.5.0 (released January 2026)

The Red Hat build of Keycloak is also affected. Recent Red Hat Security Advisories RHSA-2026:6478 (covering version 26.4.11) and RHSA-2026:2366 (covering version 26.4.9) do not address this specific CVE.

Organizations running any version of Keycloak where FGAP is used to restrict administrative access should consider themselves potentially affected.

Vendor Security History

Keycloak has accumulated a significant number of security vulnerabilities in recent years, with a recurring theme around authorization and privilege escalation:

CVEYearTypeCVSSDescription
CVE-2026-115772026Privilege Escalation7.2partialImport FGAP bypass
CVE-2026-75712026Access Token Disclosure7.1Implicit flow bypass via forged client data
CVE-2026-75072026Session FixationN/ALogin actions endpoint session fixation
CVE-2026-46342026DoSN/AApplication level DoS via Scope
CVE-2026-42822026Privilege EscalationN/AForged authorization codes
CVE-2025-77842025Privilege EscalationModerateFGAPv2 admin console role mapping bypass
CVE-2025-145592025Authorization BypassN/AUnauthorized token issuance for disabled users
CVE-2025-140832025Info DisclosureN/AAdmin REST API improper access control
CVE-2025-115372025Info DisclosureN/AAuthentication headers exposed in logs
CVE-2023-49182023Info DisclosureN/AUser passwords exposed via attributes

The contrast between CVE-2025-7784 and CVE-2026-11577 is instructive. CVE-2025-7784 (the FGAPv2 admin console bypass) was disclosed and patched within the same release cycle, fixed in versions 26.2.6 and 26.3.0. This demonstrates the Keycloak team can respond quickly when a vulnerability is recognized as such from the start. CVE-2026-11577, however, illustrates how framing a security issue as "hardening" rather than "vulnerability" can delay the entire response timeline by years.

Red Hat has maintained a reasonably active patch cadence overall, with security releases distributed through the standard RHSA process for the commercially supported Red Hat build of Keycloak.

References

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization