Medium severity6.5NVD Advisory· Published May 28, 2026· Updated Jun 3, 2026
CVE-2026-9796
CVE-2026-9796
Description
A flaw was found in Keycloak. An authenticated administrator with the manage-clients role can exploit a Time-of-check to time-of-use (TOCTOU) vulnerability in the name-based admin role checks. This allows the attacker to escalate their privileges to realm-admin for all users within the realm, granting them extensive control over the system. The composite role relationship persists even after the attacker's own permissions are revoked and across system reboots.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- access.redhat.com/security/cve/CVE-2026-9796nvdVendor Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingVendor Advisory
News mentions
1- Keycloak: Twelve Vulnerabilities Disclosed, One High SeverityVypr Intelligence · May 28, 2026