Introduction
A limited Keycloak administrator can escalate to full realm administrator with a single API call, bypassing the very permission model designed to prevent exactly that. CVE-2026-11577 targets the POST /admin/realms/{realm}/partialImport endpoint, where a coarse grained authorization check replaces what should be granular FGAP enforcement, allowing an attacker to import users carrying realm-admin role mappings and seize complete control of the realm.
What makes this particularly notable is the timeline: the underlying behavior was reported as GitHub issue #9387 in January 2022 against Keycloak 16.1.0, labeled as a "hardening" concern, and closed as "not planned." Over four years later, it has been reclassified as an exploitable privilege escalation vulnerability with a CVSS score of 7.2. As of the NVD publication date, no patch is available, and the Bugzilla disclosure deadline is set for 2026-07-18.
Keycloak is an open source Identity and Access Management platform maintained by Red Hat, providing SSO, OAuth 2.0/OIDC, user federation, and fine grained administrative permissions. It serves over 6,500 customers globally and holds approximately 1.64% of the IAM market, ranking #8 among IAM vendors according to 6sense. Its widespread adoption across enterprise environments, particularly in the United States (44.07% of deployments) and Germany (12.24%), means this vulnerability has a broad potential blast radius.
Technical Information
Root Cause: A Single Coarse Check Where Granular Enforcement Is Required
The vulnerability resides in the partialImport method within RealmAdminResource.java. When a request arrives at POST /admin/realms/{realm}/partialImport, the method performs a single authorization check: auth.realm().requireManageRealm(). If the calling administrator holds the manage-realm role, this check passes unconditionally.
The problem is what happens next, or rather, what does not happen. The method proceeds to process the entire import payload without performing any per-resource-type FGAP permission checks. Keycloak's Fine Grained Admin Permissions system is designed to scope administrative actions to specific resource types (users, roles, clients, etc.), enforcing the principle of least privilege. An administrator might hold manage-realm but be explicitly denied the ability to manage users or assign roles. The partialImport endpoint ignores all of these granular restrictions.
This is classified as CWE-863 (Incorrect Authorization). The distinction matters: CWE-863 applies when an authorization check is performed but is insufficient, as opposed to CWE-285 (Improper Authorization) where checks are missing entirely. Keycloak does check authorization; it just checks the wrong thing.
Attack Flow
The exploitation path is straightforward and requires no specialized tooling:
Step 1: Obtain limited administrator credentials. The attacker needs access to an account that holds the manage-realm role but is restricted by FGAP policies from managing users or assigning roles. This is a common configuration in organizations that use FGAP to delegate specific administrative tasks.
Step 2: Craft the import payload. The attacker constructs a JSON payload for the partialImport endpoint that defines a user (either a new account or an existing one) with realm-admin role mappings included in the user definition.
Step 3: Send the request. A single POST request to /admin/realms/{realm}/partialImport with the crafted payload is all that is needed.
Step 4: Authorization bypass occurs. The endpoint evaluates requireManageRealm(), which passes because the attacker holds manage-realm. No FGAP checks are performed on the imported user's role mappings.
Step 5: Privilege escalation is complete. The imported user now holds realm-admin privileges. If the attacker imported their own account with these mappings, they now have full administrative control over the realm, including access to all user data, authentication configurations, client secrets, and identity flows.
| Attribute | Detail |
|---|---|
| CVSS Score | 7.2 (High) |
| Attack Complexity | Low (single API call) |
| Privileges Required | Limited administrator (manage-realm role) |
| User Interaction | None |
| Endpoint | POST /admin/realms/{realm}/partialImport |
| CWE | CWE-863 (Incorrect Authorization) |
| Verified Against | Keycloak 26.6.1 |
The partialImport Endpoint's Troubled History
Beyond this authorization bypass, the partialImport endpoint has a documented history of additional flaws. GitHub issue #36408 reported that the endpoint could remove existing user credentials during import. Issue #15554 documented behavioral inconsistencies between the UI and API calls for partial import. These issues collectively suggest that the endpoint has not received the same level of security scrutiny as other parts of the admin REST API.
Systemic FGAP Weakness Pattern
CVE-2026-11577 is the third distinct FGAP bypass in Keycloak disclosed within approximately a year:
| CVE / Advisory | Description | Affected Versions | Fix Versions | Severity |
|---|---|---|---|---|
| CVE-2026-11577 | partialImport FGAP bypass leading to realm-admin escalation | 26.6.1 (verified) | Not yet released | 7.2 (High) |
| CVE-2025-7784 (GHSA-27gp-8389-hm4w) | Admin console role mapping FGAPv2 bypass leading to realm-admin escalation | 26.2.0 to < 26.2.6 | 26.2.6, 26.3.0 | Moderate |
| GHSA-83j7-mhw9-388w | FGAPv2 Admin PrivEsc (related) | FGAPv2 enabled deployments | See advisories | Not specified |
The common thread across all three is the org.keycloak:keycloak-services Maven package, which handles authorization decisions in the admin REST API. The pattern suggests an architectural weakness in how FGAP permissions are enforced across different API endpoints rather than isolated implementation bugs.
Affected Systems and Versions
The vulnerability has been verified against Keycloak 26.6.1. Given that the underlying behavior was first reported against Keycloak 16.1.0 in January 2022 and the root cause (a single requireManageRealm() check without per-resource-type FGAP enforcement) has persisted since then, the window of exposure may span all versions from at least 16.1.0 through the current release.
As of 2026-06-08, the following recent Keycloak releases do not address this CVE:
- Keycloak 26.6.2 (released May 19, 2026)
- Keycloak 26.5.7 (released April 2, 2026)
- Keycloak 26.5.0 (released January 2026)
The Red Hat build of Keycloak is also affected. Recent Red Hat Security Advisories RHSA-2026:6478 (covering version 26.4.11) and RHSA-2026:2366 (covering version 26.4.9) do not address this specific CVE.
Organizations running any version of Keycloak where FGAP is used to restrict administrative access should consider themselves potentially affected.
Vendor Security History
Keycloak has accumulated a significant number of security vulnerabilities in recent years, with a recurring theme around authorization and privilege escalation:
| CVE | Year | Type | CVSS | Description |
|---|---|---|---|---|
| CVE-2026-11577 | 2026 | Privilege Escalation | 7.2 | partialImport FGAP bypass |
| CVE-2026-7571 | 2026 | Access Token Disclosure | 7.1 | Implicit flow bypass via forged client data |
| CVE-2026-7507 | 2026 | Session Fixation | N/A | Login actions endpoint session fixation |
| CVE-2026-4634 | 2026 | DoS | N/A | Application level DoS via Scope |
| CVE-2026-4282 | 2026 | Privilege Escalation | N/A | Forged authorization codes |
| CVE-2025-7784 | 2025 | Privilege Escalation | Moderate | FGAPv2 admin console role mapping bypass |
| CVE-2025-14559 | 2025 | Authorization Bypass | N/A | Unauthorized token issuance for disabled users |
| CVE-2025-14083 | 2025 | Info Disclosure | N/A | Admin REST API improper access control |
| CVE-2025-11537 | 2025 | Info Disclosure | N/A | Authentication headers exposed in logs |
| CVE-2023-4918 | 2023 | Info Disclosure | N/A | User passwords exposed via attributes |
The contrast between CVE-2025-7784 and CVE-2026-11577 is instructive. CVE-2025-7784 (the FGAPv2 admin console bypass) was disclosed and patched within the same release cycle, fixed in versions 26.2.6 and 26.3.0. This demonstrates the Keycloak team can respond quickly when a vulnerability is recognized as such from the start. CVE-2026-11577, however, illustrates how framing a security issue as "hardening" rather than "vulnerability" can delay the entire response timeline by years.
Red Hat has maintained a reasonably active patch cadence overall, with security releases distributed through the standard RHSA process for the commercially supported Red Hat build of Keycloak.
References
- NVD: CVE-2026-11577
- Red Hat CVE Page: CVE-2026-11577
- Bugzilla: 2459993 (CVE-2026-11577)
- GitHub Issue #9387: Hardening of manage-realm role
- GHSA-27gp-8389-hm4w: Privilege Escalation in Keycloak Admin Console (FGAPv2)
- GHSA-83j7-mhw9-388w: Keycloak FGAPv2 Admin PrivEsc
- GitLab Advisory: CVE-2025-7784 in keycloak-services
- CWE-863: Incorrect Authorization
- Keycloak Releases
- Keycloak 26.5.7 Release Notes
- RHSA-2026:6478 Security Advisory
- RHSA-2026:2366 Security Advisory
- Red Hat build of Keycloak
- Keycloak Market Share (6sense)
- CISA Known Exploited Vulnerabilities Catalog
- GitHub Issue #36408: Partial Import removed existing user credentials
- GitHub Issue #15554: PartialImport API behavioral inconsistencies



