VYPR
High severity · CVSS 7.3 · NVD Advisory · Published May 28, 2026

CVE-2026-9795

Description

A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security controls, allowing the injected role to be projected into a user's authentication token when they access the modified client. This could lead to unauthorized privilege escalation within the Keycloak realm.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Keycloak FGAPv2 allows a limited admin to assign any realm role to a client's scope mapping, leading to token injection and privilege escalation.

Vulnerability

A flaw exists in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature, specifically in the ScopeMappedResource and ScopeMappedClientResource write endpoints for adding and deleting scope mappings [2]. These endpoints do not call requireMapClientScope per role, allowing an administrator with only fine-grained manage permission on a single client to attach any realm role—including highly privileged roles like realm-admin—to that client's scope mapping [1][2]. This bypasses the intended MAP_ROLE_CLIENT_SCOPE permission boundary. The vulnerability affects all Keycloak versions with FGAPv2 support [2].

Exploitation

To exploit, the attacker must have FGAPv2 enabled on the realm (adminPermissionsEnabled=true) and hold fine-grained manage permission on at least one client [2]. The attacker then sends a POST request to /admin/realms/{r}/clients/{uuid}/scope-mappings/realm with the targeted role (e.g., realm-admin) in the request body [2]. The request succeeds despite lacking MAP_ROLE_CLIENT_SCOPE permission. Optionally, the attacker can set fullScopeAllowed=true on the client via a PUT request. Finally, a user who holds the targeted role must authenticate through the modified client [2].

Impact

Upon successful exploitation, the injected role is projected into the user's authentication token when they access the modified client [1][2]. This results in unauthorized privilege escalation within the Keycloak realm, as the attacker gains the privileges of the injected role (e.g., realm-admin). The CVSS score is 7.3 (High) with impacts on confidentiality and integrity [2].

Mitigation

As of the publication date (2026-05-28), no patch is available [2]. Red Hat has acknowledged the issue and a fix is pending. No workaround is documented in the available references. Administrators should monitor the Red Hat advisory [1] and Bugzilla [2] for updates. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of this writing.

AI Insight generated on May 28, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patches discovered yet)

Vulnerability mechanics

Root cause

"Missing permission check (`requireMapClientScope`) in scope-mapping write endpoints allows bypass of the MAP_ROLE_CLIENT_SCOPE boundary."

Attack vector

An attacker who holds fine-grained manage permission on a single client (but no global `manage-clients` or `MAP_ROLE_CLIENT_SCOPE` permission) can call the scope-mapping write endpoints to attach any realm role—including highly privileged roles like `realm-admin`—to that client's scope mapping [1]. When a user who holds the targeted role subsequently authenticates through the modified client, the injected role is projected into the issued token, resulting in privilege escalation [1]. The attack requires FGAPv2 to be enabled on the realm (`adminPermissionsEnabled=true`) and a user holding the targeted role to authenticate through the modified client [1].

Affected code

The vulnerability resides in the `ScopeMappedResource` and `ScopeMappedClientResource` write endpoints (add and delete scope mappings) within `org.keycloak.services.resources.admin` [1]. These endpoints fail to call `requireMapClientScope` per role, which is the intended permission check for enforcing the `MAP_ROLE_CLIENT_SCOPE` boundary [1].

What the fix does

The advisory states that no patch is currently available [1]. The recommended remediation is to ensure that the `ScopeMappedResource` and `ScopeMappedClientResource` write endpoints call `requireMapClientScope` per role before allowing a scope mapping to be added or deleted, thereby enforcing the `MAP_ROLE_CLIENT_SCOPE` permission boundary [1]. Until a fix is published, administrators should carefully audit which users hold fine-grained manage permissions on clients and consider whether FGAPv2 can be disabled on sensitive realms [1].
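The Mitigation section and the paragraph above both recommend auditing while no patch exists. The following script is an added example, not code from the advisory or from the Keycloak project: it reads the JSON that the Admin REST API returns for a realm's clients and for each client's realm-level scope mappings (paths assumed from the endpoint named in this advisory), and flags any client whose scope mapping already names a privileged role, which is the state this flaw leaves behind. The privileged role list, the `fetch_json` helper and the sample responses are assumptions constructed for the example.

```python
"""Audit a Keycloak realm for clients whose realm scope mapping names a
privileged role. Added example, not code from the advisory or from Keycloak;
it parses the JSON returned by these Admin REST paths (assumed):
  GET /admin/realms/{realm}/clients                           -> client list
  GET /admin/realms/{realm}/clients/{id}/scope-mappings/realm -> role list
"""
import json
import urllib.request

# Roles treated as privileged: an assumption for this example, tune per realm.
PRIVILEGED_ROLES = frozenset({"admin", "realm-admin", "create-realm"})


def fetch_json(base_url, bearer_token, path):
    """GET an Admin REST path with a bearer token and parse the JSON body."""
    req = urllib.request.Request(base_url + path)
    req.add_header("Authorization", "Bearer " + bearer_token)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def audit_scope_mappings(clients, realm_mappings, privileged=PRIVILEGED_ROLES):
    """Return one finding per client whose realm scope mapping names a privileged
    role. `clients` is the parsed client list; `realm_mappings` maps a client's
    id to the parsed role list from its scope-mappings/realm endpoint."""
    findings = []
    for client in clients:
        names = {role["name"] for role in realm_mappings.get(client["id"], [])}
        hits = sorted(names & privileged)
        if hits:
            findings.append({
                "clientId": client["clientId"],
                "roles": hits,
                # The advisory notes the attacker may also flip this flag; when
                # true, scope mappings no longer restrict which roles reach the token.
                "fullScopeAllowed": bool(client.get("fullScopeAllowed", False)),
            })
    return findings


# Constructed sample responses (not real data) in the Admin REST JSON shape.
SAMPLE_CLIENTS = [
    {"id": "c1", "clientId": "billing-app", "fullScopeAllowed": False},
    {"id": "c2", "clientId": "support-portal", "fullScopeAllowed": True},
]
SAMPLE_MAPPINGS = {
    "c1": [{"name": "offline_access", "clientRole": False}],
    "c2": [{"name": "realm-admin", "clientRole": False},
           {"name": "uma_authorization", "clientRole": False}],
}
```

Against a live realm, replace the samples with `fetch_json(base, token, "/admin/realms/<realm>/clients")` and one `fetch_json` call per client id for its `/scope-mappings/realm` list; any finding is a client to review together with the FGAPv2 delegated admins who can manage it.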

Preconditions

  • Config: FGAPv2 must be enabled on the realm (`adminPermissionsEnabled=true`)
  • Auth: the attacker must hold fine-grained manage permission on at least one client
  • Input: a user holding the targeted privileged role (e.g., `realm-admin`) must authenticate through the modified client

Reproduction

1. Enable FGAPv2 on the realm (`adminPermissionsEnabled=true`).
2. Create a delegated admin with fine-grained manage on a single client — no global `manage-clients`, no `MAP_ROLE_CLIENT_SCOPE` on any privileged role.
3. As the delegated admin, call `POST /admin/realms/{r}/clients/{uuid}/scope-mappings/realm` with `realm-admin` in the roles body — the request succeeds despite no `MAP_ROLE_CLIENT_SCOPE` permission.
4. Optionally flip `fullScopeAllowed=true` on the client via `PUT /admin/realms/{r}/clients/{uuid}`.
5. Authenticate as a user holding `realm-admin` through the modified client.
6. Inspect the issued token — `realm-admin` is projected into the token via the injected scope mapping [1].

Generated on May 28, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References: 2

News mentions: 0 (no linked articles in our index yet)