HIGHVulnerability
Verified
Global
NVD HIGH: CVE-2026-9800 — A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any auth...
·Source: NIST NVD
Updated:
Executive Summary
A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-denied page path within a request URL, either as a path segment or a query parameter, an attacker can gain unauthorized access to protected resources.
Analysis
A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-denied page path within a request URL, either as a path segment or a query parameter, an attacker can gain unauthorized access to protected resources. CVSS Score: 8.1. Published: 2026-06-25T17:17:04.180.