ZeroPath at Black Hat USA 2026

Keycloak CVE-2026-9795: Brief Summary of FGAPv2 Privilege Escalation via Scope Mapping Bypass

A brief summary of CVE-2026-9795, a high severity privilege escalation in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature that allows delegated administrators to inject arbitrary realm roles into client scope mappings, poisoning authentication tokens for downstream users.

CVE Analysis

9 min read

ZeroPath CVE Analysis
ZeroPath CVE Analysis

2026-05-27

Keycloak CVE-2026-9795: Brief Summary of FGAPv2 Privilege Escalation via Scope Mapping Bypass
Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

If you have feedback, questions, or notice any errors, please reach out to us.

[email protected]

Introduction

A missing authorization check in Keycloak's Fine-Grained Admin Permissions v2 (FGAPv2) feature allows a delegated administrator with limited client management permissions to inject arbitrary realm roles, including realm-admin, into a client's scope mapping, effectively poisoning the authentication tokens issued to downstream users. This is the second privilege escalation vulnerability discovered in the FGAPv2 feature since its introduction in Keycloak 26.2.0 just one year ago, raising questions about the maturity of the permission enforcement model in one of the most widely deployed open source IAM platforms.

Keycloak is an open source identity and access management solution providing single sign on, social login, user federation, and standards based authentication for modern applications. Commercially distributed by Red Hat (an IBM subsidiary) as the "Red Hat build of Keycloak," it serves as the identity backbone for enterprise environments across the $22+ billion IAM market. With 114 recorded CVEs according to OpenCVE, Keycloak represents a significant and persistent attack surface for organizations relying on it for centralized authentication.

Technical Information

Root Cause

CVE-2026-9795 resides in the Keycloak admin REST API, specifically within the org.keycloak.services.resources.admin component. The ScopeMappedResource and ScopeMappedClientResource write endpoints, which handle adding and deleting scope mappings for clients, fail to invoke the requireMapClientScope authorization check on a per-role basis. This omission means the API does not verify whether the requesting administrator holds the MAP_ROLE_CLIENT_SCOPE permission before allowing a realm role to be added to a client's scope mapping.

The vulnerability is classified under CWE-266 (Incorrect Privilege Assignment), which describes a weakness where "a product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor." In this case, the missing check creates an unintended sphere of control: any administrator with fine-grained manage permission on a single client can manipulate scope mappings to include roles they should never be able to assign.

CVSS Vector Analysis

The CVSS 3.1 vector is CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N, yielding a score of 7.3 (High).

CVSS MetricValueInterpretation
Attack VectorNetwork (AV:N)Exploitable remotely over the network
Attack ComplexityHigh (AC:H)Requires specific conditions: FGAPv2 enabled, limited admin access
Privileges RequiredHigh (PR:H)Attacker must be an administrator with limited manage permissions
User InteractionRequired (UI:R)A privileged user must authenticate through the modified client
ScopeChanged (S:C)Impact crosses security boundaries beyond the vulnerable component
ConfidentialityHigh (C:H)Full access to realm data possible via injected roles
IntegrityHigh (I:H)Attacker can modify realm configuration via elevated privileges
AvailabilityNone (A:N)No direct availability impact

The Scope:Changed metric is particularly significant here. The vulnerability's impact extends from the client level boundary into the realm level boundary, meaning a small code defect in scope mapping enforcement produces a large blast radius across the entire Keycloak realm.

Attack Flow

Three conditions must converge for successful exploitation:

Step 1: FGAPv2 must be enabled. The target realm must have adminPermissionsEnabled=true. This feature was introduced in Keycloak 26.2.0 (May 2025) and provides fine-grained delegated administration capabilities.

Step 2: The attacker must hold fine-grained manage permission on at least one client. The attacker does NOT need global manage-clients permission or MAP_ROLE_CLIENT_SCOPE permission on any privileged role. A narrow, delegated permission on a single client is sufficient.

Step 3: The attacker injects a privileged role into the client's scope mapping. The attacker calls:

POST /admin/realms/{realm}/clients/{uuid}/scope-mappings/realm

with the realm-admin role (or any other highly privileged role) in the request body. Due to the missing requireMapClientScope check, the request succeeds despite the attacker lacking the necessary permissions.

Step 4 (optional): The attacker enables full scope. The attacker can set fullScopeAllowed=true on the client via:

PUT /admin/realms/{realm}/clients/{uuid}

Step 5: Token poisoning occurs. When a user who holds the targeted role (e.g., realm-admin) authenticates through the modified client, the injected role is projected into the issued authentication token. The attacker does not directly gain privileges; instead, they poison the token issuance pipeline, granting the authenticating user unintended scope within that client session.

This indirect exploitation model is what drives the User Interaction:Required metric in the CVSS vector. The attacker sets the trap, but a privileged user must walk into it by authenticating through the compromised client.

Architectural Implications

The mismatch between the narrow root cause (a missing requireMapClientScope call) and the broad impact (realm level privilege escalation via token poisoning) is characteristic of IAM platform vulnerabilities. The vulnerability effectively turns the scope mapping mechanism into a privilege injection vector, allowing a lower-privileged actor to influence the tokens issued to higher-privileged actors without directly compromising their accounts.

This is also the second documented privilege escalation in FGAPv2. CVE-2025-7784 (CVSS 7.1 High) addressed a similar admin console privilege escalation when FGAPv2 was enabled, allowing a user with limited permissions to improperly access restricted administrative functionality. The recurrence of privilege escalation flaws within the same feature suggests a systemic weakness in the permission enforcement model that warrants architectural review rather than point fixes.

Affected Systems and Versions

Based on the available information, the following configurations are affected:

  • Keycloak instances with FGAPv2 enabled (adminPermissionsEnabled=true on the realm)
  • FGAPv2 was introduced in Keycloak 26.2.0 (May 2025), making versions from 26.2.0 onward potentially vulnerable when this feature is enabled
  • The most recent release, Keycloak 26.6.2 (May 19, 2026), does not include a fix for CVE-2026-9795
  • Red Hat build of Keycloak distributions are also affected when FGAPv2 is enabled

The vulnerability cannot be exploited if FGAPv2 is not enabled on the realm, or if no delegated administrator holds fine-grained manage permission on any client. Organizations that have not enabled FGAPv2 are not affected.

No patched version has been identified. The Red Hat Bugzilla entry's "Fixed In Version" field remains empty as of 2026-05-28.

Vendor Security History

Keycloak has accumulated 114 CVEs according to OpenCVE, reflecting a persistent attack surface in the IAM platform. Recent high severity Keycloak CVEs illustrate the breadth of vulnerability types:

CVE IDCVSSDescriptionDate
CVE-2026-75717.1 HighAccess token disclosure and implicit flow bypass via forged client dataMay 2026
CVE-2026-7507N/ASession fixation in login actions endpointsMay 2026
CVE-2026-4366N/ABlind Server Side Request Forgery (SSRF) via HTTP redirect handlingApr 2026
CVE-2026-4634N/AApplication level DoS via scope parameter2026
CVE-2025-77847.1 HighPrivilege escalation in Keycloak admin console (FGAPv2 enabled)2026
CVE-2026-97957.3 HighPrivilege escalation via improper scope mapping enforcement (FGAPv2)May 2026

The FGAPv2 feature specifically has produced two privilege escalation CVEs (CVE-2025-7784 and CVE-2026-9795) within approximately one year of its introduction. This pattern suggests the feature's permission enforcement model has not yet reached maturity. Organizations should treat FGAPv2 as carrying elevated risk until a sustained period without new privilege escalation findings is observed.

Red Hat's security response process, coordinated through [email protected] and the Red Hat Bugzilla system, has been consistent in acknowledging and tracking these issues. Recent advisories include RHSA-2026:19596 (Red Hat build of Keycloak 26.4.12) and RHSA-2026:6478, though neither addresses CVE-2026-9795.

No recent Keycloak CVEs have been observed as actively exploited in the wild, and none appear on the CISA Known Exploited Vulnerabilities catalog.

References

Detect & fix
what others miss

Works with
  • GitHub
  • GitLab
  • Bitbucket
  • Azure DevOps Services
  • Jira
  • Linear
  • Slack
  • Security Compass
Security magnifying glass visualization