VYPR
Medium severity · 4.3 · NVD Advisory · Published May 28, 2026

CVE-2026-9791


Description

A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect (OIDC) token with the 'organization' scope. This allows organization metadata to be disclosed in tokens, even after an administrator has explicitly disabled the Organizations feature, potentially leading to incorrect authorization decisions by resource servers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Keycloak discloses organization metadata in user-facing APIs and OIDC tokens after an administrator disables the Organizations feature, potentially causing incorrect authorization decisions.

Vulnerability

A flaw in Keycloak causes the Organizations feature to remain partially active after an administrator disables it by setting `organizationsEnabled=false` at the realm level. The admin Organizations API correctly returns 404, but user-facing paths still serve organization data: the account API (`GET /realms/{realm}/account/organizations`) continues to return membership details, and OIDC token requests with `scope=openid organization` still include the `organization` claim. This affects Keycloak versions with Organizations support; the exact affected range is not stated in the available references [1][2].

Exploitation

An authenticated user who already has organization membership can exploit this by calling the account API or by requesting an OIDC token with the `organization` scope. Two preconditions apply: the realm must have had Organizations enabled at some point before an administrator disabled it, and the client must be allowed to request the `organization` scope. The references report the behaviour for the client-credentials and resource-owner-password grant types [2]. No special network position is required; ordinary authenticated access to the realm suffices.

Impact

A successful exploit leaks organization metadata (such as membership details) into tokens or account API responses. The CVSS base score is only 4.3 (Medium), with the confidentiality impact rated low [2], but the leaked claim is exactly the kind of data resource servers consume for authorization decisions, so relying on it can produce incorrect access-control choices after the administrator has intentionally disabled the feature [1][2].

Mitigation

No patch is available as of the publication date. Until a fix is released, administrators should remove the `organization` client scope from the default and optional scope lists of every client in the affected realm (or block it with client policies) so that no client can request it, audit user-facing API access for calls to the account organizations endpoint, and consider revoking tokens that already carry the `organization` claim [2]. Resource servers should not base authorization decisions on that claim for realms where the feature has been disabled.

AI Insight generated on May 28, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

Root cause

"Missing enforcement of the `organizationsEnabled` realm flag on user-facing account API and OIDC token issuance paths allows organization metadata to be disclosed after the feature is disabled."

Attack vector

An authenticated user who already has organization membership sends a request to the account API (`GET /realms/{realm}/account/organizations`) or requests an OIDC token with `scope=openid organization` using the client-credentials or resource-owner-password grant type [1]. The realm must have had Organizations enabled previously and then been disabled by an administrator, and the client must be configured to allow the `organization` scope [1]. The server returns organization metadata in the response or token despite the feature being disabled, leaking data that resource servers may use for authorization decisions [1].

Affected code

The advisory identifies the component as `org.keycloak.organization` [1]. The user-facing account API endpoint `GET /realms/{realm}/account/organizations` and the OIDC token issuance path for the `organization` scope are the affected code paths [1]. No patch files are provided in the bundle.

What the fix does

No patch is available in the bundle [1]. The advisory states that Keycloak correctly blocks the admin Organizations API (returning 404) when `organizationsEnabled` is set to `false`, but fails to enforce the disabled state on user-facing paths [1]. A fix would need to add a check of the `organizationsEnabled` realm flag before returning organization data from the account API and before including the `organization` claim in OIDC tokens [1].

Preconditions

  • auth: The attacker must be an authenticated user with existing organization membership.
  • config: The realm must have had Organizations enabled previously and then been disabled by an administrator.
  • config: The client must be configured to allow the `organization` scope.

Reproduction

1. Enable Organizations on a realm and create organization memberships for users.
2. As an administrator, disable Organizations by setting `organizationsEnabled=false` on the realm.
3. As an authenticated user, send `GET /realms/{realm}/account/organizations`. Observe that organization membership data is returned (200 OK) despite the feature being disabled.
4. Request a token with `scope=openid organization` using the client-credentials or resource-owner-password grant type. Observe that the issued token contains the `organization` claim. [1]
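The following script runs reproduction steps 2 to 4 against a live realm and, if the realm still leaks, applies the interim mitigation from the Mitigation section (detaching the `organization` client scope from a client). It is an added example written for this page, not Keycloak project code or code from the advisory. It assumes things the page does not state: Keycloak 26.x admin REST API paths, a confidential client with Direct Access Grants enabled (so the resource-owner-password grant works), a master-realm admin token, and hypothetical host, realm, client, user and credential values supplied by the caller. The sample token at the bottom is constructed so that the decoding path can run offline; a real Keycloak access token is signed.

```python
"""Probe a realm for the disclosure described above and, if it leaks, detach the
`organization` client scope from a client. Added example, not Keycloak code; all
hosts, realm, client, user and credential values are hypothetical. Assumed (not
on the page): Keycloak 26.x admin REST paths and a master-realm admin token."""
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

ORG_CLAIM = "organization"


def http(method, url, form=None, bearer=None):
    """Minimal helper: returns (status, parsed JSON body or None). Form data is
    sent as application/x-www-form-urlencoded, which urllib sets by default."""
    headers = {"Authorization": f"Bearer {bearer}"} if bearer else {}
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            raw = resp.read()
            return resp.status, (json.loads(raw) if raw else None)
    except urllib.error.HTTPError as e:
        return e.code, None


def jwt_payload(token):
    """Decode a compact JWS payload WITHOUT signature verification. Fine for
    inspecting a token the server just handed us; a resource server must verify."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    seg = parts[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


def has_org_claim(payload):
    """True if the token carries a non-empty `organization` claim."""
    org = payload.get(ORG_CLAIM)
    return isinstance(org, (dict, list)) and len(org) > 0


def assess(organizations_enabled, token_has_org, account_status):
    """Verdict from the three observations: with the realm flag on, organization
    data is expected; with it off, any disclosure is the bug on this page."""
    if organizations_enabled:
        return "expected: Organizations is enabled on this realm"
    findings = []
    if token_has_org:
        findings.append("token still carries the organization claim")
    if account_status == 200:
        findings.append("account API still serves organization data")
    if not findings:
        return "ok: organizationsEnabled=false is enforced on user-facing paths"
    return "VULNERABLE: " + "; ".join(findings)


def probe(base, realm, client_id, client_secret, user, password, admin_token):
    """Reproduction steps 2-4 read back from a live realm via the password grant."""
    _, rep = http("GET", f"{base}/admin/realms/{realm}", bearer=admin_token)
    enabled = bool(rep and rep.get("organizationsEnabled"))
    status, tok = http("POST", f"{base}/realms/{realm}/protocol/openid-connect/token",
                       form={"grant_type": "password", "client_id": client_id,
                             "client_secret": client_secret, "username": user,
                             "password": password, "scope": "openid organization"})
    if status != 200 or not tok:
        raise RuntimeError(f"token request failed with HTTP {status}")
    token = tok["access_token"]
    acct, _ = http("GET", f"{base}/realms/{realm}/account/organizations", bearer=token)
    return assess(enabled, has_org_claim(jwt_payload(token)), acct)


def remove_org_scope(base, realm, client_id, admin_token):
    """Interim mitigation: detach the `organization` client scope from a client's
    optional and default scope lists via the admin REST API (204 on success)."""
    _, clients = http("GET", f"{base}/admin/realms/{realm}/clients?clientId="
                      + urllib.parse.quote(client_id), bearer=admin_token)
    _, scopes = http("GET", f"{base}/admin/realms/{realm}/client-scopes", bearer=admin_token)
    org = [s for s in (scopes or []) if s.get("name") == ORG_CLAIM]
    if not clients or not org:
        return False
    uuid, scope_id = clients[0]["id"], org[0]["id"]
    removed = False
    for kind in ("optional-client-scopes", "default-client-scopes"):
        st, _ = http("DELETE", f"{base}/admin/realms/{realm}/clients/{uuid}/{kind}/{scope_id}",
                     bearer=admin_token)
        removed = removed or st == 204
    return removed


def _unsigned_jwt(payload):
    """Constructed, unsigned sample token so the decoding path can run offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(payload)}."


# Constructed sample (made up, not a real Keycloak token): what a leaking realm
# would hand back for a member of the hypothetical organization alias "acme".
SAMPLE_LEAKY_TOKEN = _unsigned_jwt({"sub": "u1", "organization": {"acme": {}}})
```

Usage: call `probe(...)` with the hypothetical base URL, realm, client and user credentials plus an admin token; if the verdict starts with `VULNERABLE`, call `remove_org_scope(...)` for each client in the realm and re-run the probe, which should then report that the token no longer carries the claim. The verdict deliberately treats the realm flag as the ground truth, since the page's whole point is that the user-facing paths disagree with it.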

Generated on May 28, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 2

News mentions: 0 (no linked articles in our index yet)