CVE-2026-4636
PUBLISHED
CVSS 8.1 HIGH
A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned resource. Consequently, the attacker gains unauthorized permissions to victim-owned resources, enabling them to obtain a Requesting Party Token (RPT) and access sensitive information or perform unauthorized actions.
EPSS 0.01% · 2.2nd percentile
Risk Scores
CVSS v3.1
8.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.01%
2.2nd percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat build of Keycloak 26.4 | 26.4-14 |
| Red Hat | Red Hat build of Keycloak 26.2 | 26.2.15-1 |
| Red Hat | Red Hat build of Keycloak 26.4 | 26.4.11-1 |
| Red Hat | Red Hat build of Keycloak 26.2.15 | |
| Red Hat | Red Hat build of Keycloak 26.2 | 26.2-18 |
| Red Hat | Red Hat build of Keycloak 26.4.11 | |
Timeline
- Apr 2, 2026 CVE Published
- Apr 2, 2026 PoC Published
- Apr 2, 2026 Distribution Patch
- Apr 2, 2026 Security Advisory
- Apr 2, 2026 Distribution Patch
- Apr 2, 2026 Security Advisory
- Apr 2, 2026 Distribution Patch
- Apr 2, 2026 Security Advisory
- Apr 2, 2026 Distribution Patch
- Apr 2, 2026 Security Advisory
- Apr 2, 2026 Security Advisory
- Apr 3, 2026 EPSS Score
References
- RHSA-2026:6475 vendor-advisory
- RHSA-2026:6476 vendor-advisory
- RHSA-2026:6477 vendor-advisory
- RHSA-2026:6478 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2026-4636 vdb
- RHBZ#2450251 issue
- https://nvd.nist.gov/vuln/detail/CVE-2026-4636 advisory