HIGH Vulnerability
Verified
Global

NVD HIGH: CVE-2026-9800 — A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any auth...

Source: NIST NVD

Executive Summary

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-denied page path within a request URL, either as a path segment or a query parameter, an attacker can gain unauthorized access to protected resources.

Analysis

CVSS Score: 8.1. Published: 2026-06-25T17:17:04.180.

Indicators of Compromise (1)

CVE (1)
CVE-2026-9800
Source Attribution

Originally published by NIST NVD on Jun 25, 2026. Verified by: NIST.