High severity, CVSS 8.1 (NVD advisory) · Published Apr 2, 2026 · Updated Apr 16, 2026
CVE-2026-4636
Description
A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned resource. Consequently, the attacker gains unauthorized permissions to victim-owned resources, enabling them to obtain a Requesting Party Token (RPT) and access sensitive information or perform unauthorized actions.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.keycloak:keycloak-services (Maven) | < 26.5.7 | 26.5.7 |
Affected products
CPE entries (Red Hat build of Keycloak):
- cpe:2.3:a:redhat:build_of_keycloak:26.2.15:*:*:*:text-only:*:*:*
- cpe:2.3:a:redhat:build_of_keycloak:26.2:*:*:*:text-only:*:*:*
- cpe:2.3:a:redhat:build_of_keycloak:26.4.11:*:*:*:text-only:*:*:*
- cpe:2.3:a:redhat:build_of_keycloak:26.4:*:*:*:text-only:*:*:*
- cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:text-only:*:*:*

OSV coordinates (7 packages, no CPE; affected range listed in the same order as the source record):
| Package (purl) | Affected range |
|---|---|
| pkg:apk/chainguard/keycloak-26.5 | < 26.5.7-r0 |
| pkg:apk/chainguard/keycloak-26.5-iamguarded-compat | < 26.5.7-r0 |
| pkg:apk/chainguard/keycloak-fips-26.5 | < 26.5.6-r4 |
| pkg:apk/chainguard/keycloak-fips-26.5-iamguarded-fips | < 26.5.6-r4 |
| pkg:apk/wolfi/keycloak-26.5 | < 26.5.7-r0 |
| pkg:apk/wolfi/keycloak-26.5-iamguarded-compat | < 26.5.7-r0 |
| pkg:maven/org.keycloak/keycloak-services | < 26.5.7 |
References
- bugzilla.redhat.com/show_bug.cgi (NVD: Exploit, Issue Tracking, Vendor Advisory)
- access.redhat.com/errata/RHSA-2026:6475 (NVD: Vendor Advisory)
- access.redhat.com/errata/RHSA-2026:6476 (NVD: Vendor Advisory)
- access.redhat.com/errata/RHSA-2026:6477 (NVD: Vendor Advisory)
- access.redhat.com/errata/RHSA-2026:6478 (NVD: Vendor Advisory)
- access.redhat.com/security/cve/CVE-2026-4636 (NVD: Vendor Advisory)
- github.com/advisories/GHSA-f2hx-5fx3-hmcv (GHSA: Advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-4636 (GHSA: Advisory)
- github.com/keycloak/keycloak/commit/995832f8b74b02833d106c8788bb7a78634aa725 (GHSA: fix commit)
- github.com/keycloak/keycloak/issues/47717 (GHSA: issue)