CVE-2026-9800

ADVISORY - docker

Summary

Description

A flaw was found in Keycloak Policy Enforcer. This vulnerability allows any authenticated user to bypass all authorization policies, including role, scope, and User-Managed Access (UMA) permission checks. By including the configured access-denied page path within a request URL, either as a path segment or a query parameter, an attacker can gain unauthorized access to protected resources.
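A detection sketch for the pattern described above, added here as an example and not taken from the advisory or from Keycloak. It assumes access logs in common log format and uses `/access-denied` as a constructed placeholder for the access-denied page path configured in your deployment; the function names are hypothetical.

```python
"""Added example: flag access-log requests that embed the access-denied page path."""
import re
from urllib.parse import urlsplit, unquote

# Assumption: the access-denied page path configured for the policy enforcer
# in your deployment. "/access-denied" is a constructed placeholder.
DENIED_PAGE = "/access-denied"

# Constructed sample lines in common log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - alice [01/Jan/2026:10:00:00 +0000] "GET /api/orders/7 HTTP/1.1" 200 512
10.0.0.9 - bob [01/Jan/2026:10:00:03 +0000] "GET /access-denied HTTP/1.1" 200 88
10.0.0.9 - bob [01/Jan/2026:10:00:07 +0000] "GET /api/admin/users?next=%2Faccess-denied HTTP/1.1" 200 4096
10.0.0.9 - bob [01/Jan/2026:10:00:09 +0000] "GET /api/admin/access-denied/users HTTP/1.1" 200 4096
10.0.0.7 - carol [01/Jan/2026:10:00:12 +0000] "GET /api/admin/users HTTP/1.1" 403 0
"""

# Captures: client ip, authenticated user, method, request target, status code.
LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})\b')


def embeds_denied_page(target, denied=DENIED_PAGE):
    """True when the denied-page path appears in the URL of some other resource."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    if path.rstrip("/") == denied.rstrip("/"):
        return False  # a genuine request for the denied page itself
    # Decode twice so single- and double-encoded forms are both seen;
    # compare case-insensitively (may over-match, which is acceptable for triage).
    decoded = unquote(unquote(path + "?" + parts.query)).lower()
    return denied.lower() in decoded


def suspicious_requests(log_text, denied=DENIED_PAGE):
    """Return (user, target, status) for served requests that embed the path."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        _ip, user, _method, target, status = m.groups()
        # 2xx only: the resource was served rather than denied or redirected.
        if status.startswith("2") and embeds_denied_page(target, denied):
            hits.append((user, target, int(status)))
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Hits are triage leads only: compare each against the user's actual roles and permissions, and upgrade to a fixed version listed in the table below.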

EPSS Score: 0.00303 (0.219)

Common Weakness Enumeration (CWE)


Docker

CREATED

UPDATED

ADVISORY ID

CVE-2026-9800

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

-

RATING UNAVAILABLE FROM ADVISORY

Package   Type  OS Name  OS Version  Affected Ranges  Fix Versions
keycloak  dhi   -        -           <26.6.4          26.6.4
keycloak  dhi   -        -           <26.0.10         26.0.10

Severity and metrics

No CVSS data available from this advisory.