Keycloak Privilege Escalation via Role Mapper Injection
CVE-2026-4629 Published on June 30, 2026

Keycloak: keycloak: privilege escalation through hardcoded role mapper injection
A flaw was found in Keycloak. A highly privileged user with `manage-clients` permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the `realm-admin` role into generated tokens, resulting in privilege escalation and full administrative access to the realm.
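
The mechanism described above (a client mapper that unconditionally injects an administrative role into issued tokens) is something a defender can audit for. The following is an added example, not code from the advisory or from the Keycloak project: it scans client representations as returned by the Keycloak admin REST API and flags hardcoded role mappers that grant sensitive roles. The provider id `oidc-hardcoded-role-mapper`, the config key `role`, and the `clientId.roleName` form of client roles are taken from Keycloak's mapper implementation and are assumptions here; the sample client data is constructed.

```python
"""Audit Keycloak client representations for hardcoded role mappers that
inject administrative roles into tokens (added example, not Keycloak code).
The mapper provider id and config key below follow Keycloak's built-in
hardcoded role mapper and are assumptions for this example."""

HARDCODED_ROLE_MAPPER = "oidc-hardcoded-role-mapper"

# Roles that should never be hardcoded into a token by a client mapper.
# Client roles use Keycloak's "clientId.roleName" form; "admin" is the
# realm-level form. This list is an assumption; extend it per deployment.
SENSITIVE_ROLES = {
    "realm-management.realm-admin",
    "realm-management.manage-realm",
    "realm-management.manage-users",
    "realm-management.manage-clients",
    "admin",
}


def find_hardcoded_role_mappers(clients, sensitive_roles=SENSITIVE_ROLES):
    """Return (clientId, mapperName, role) for each hardcoded role mapper
    granting a sensitive role. Such a mapper bypasses scope restrictions,
    so it is reported regardless of the client's scope configuration."""
    findings = []
    for client in clients:
        for mapper in client.get("protocolMappers", []):
            if mapper.get("protocolMapper") != HARDCODED_ROLE_MAPPER:
                continue
            role = mapper.get("config", {}).get("role", "")
            if role in sensitive_roles:
                findings.append((client.get("clientId"), mapper.get("name"), role))
    return findings


# Constructed sample resembling GET /admin/realms/{realm}/clients output.
SAMPLE_CLIENTS = [
    {"clientId": "web-app", "protocolMappers": [
        {"name": "email", "protocolMapper": "oidc-usermodel-property-mapper",
         "config": {"user.attribute": "email", "claim.name": "email"}}]},
    {"clientId": "reporting", "protocolMappers": [
        {"name": "viewer-role", "protocolMapper": HARDCODED_ROLE_MAPPER,
         "config": {"role": "reporting.viewer"}},
        {"name": "look-normal", "protocolMapper": HARDCODED_ROLE_MAPPER,
         "config": {"role": "realm-management.realm-admin"}}]},
]

if __name__ == "__main__":
    for client_id, name, role in find_hardcoded_role_mappers(SAMPLE_CLIENTS):
        print(f"[ALERT] client={client_id} mapper={name!r} hardcodes {role}")
```

Running this periodically against the admin API (or against a realm export) gives a simple detection for mappers added after a `manage-clients` holder's activity, independent of whether the fix is deployed.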


Vulnerability Analysis

CVE-2026-4629 is exploitable over the network by an authenticated user holding high privileges, with low attack complexity and no user interaction required. A successful exploit has a high impact on confidentiality and integrity and no impact on availability.

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

Timeline

Reported to Red Hat.

Made public 28 days later.

Weakness Type

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.


Products Associated with CVE-2026-4629

Affected Versions

Red Hat Build of Keycloak: