CVE-2026-9800
ADVISORY - dockerSummary
Description
A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-denied page path within a request URL, either as a path segment or a query parameter, an attacker can gain unauthorized access to protected resources.
EPSS Score: 0.00303 (0.219)
Common Weakness Enumeration (CWE)
Docker
CREATED
UPDATED
ADVISORY ID
CVE-2026-9800
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-