Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-9791

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-28 May, 2026 | 03:27
Updated At-28 May, 2026 | 12:19
Rejected At-
Credits

Keycloak-rhel9: organization data leak after feature disabled in keycloak

A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect (OIDC) token with the 'organization' scope. This allows organization metadata to be disclosed in tokens, even after an administrator has explicitly disabled the Organizations feature, potentially leading to incorrect authorization decisions by resource servers.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:28 May, 2026 | 03:27
Updated At:28 May, 2026 | 12:19
Rejected At:
▼CVE Numbering Authority (CNA)
Keycloak-rhel9: organization data leak after feature disabled in keycloak

A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect (OIDC) token with the 'organization' scope. This allows organization metadata to be disclosed in tokens, even after an administrator has explicitly disabled the Organizations feature, potentially leading to incorrect authorization decisions by resource servers.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Build of Keycloak
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhbk/keycloak-rhel9
CPEs
  • cpe:/a:redhat:build_keycloak:
Default Status
affected
Problem Types
TypeCWE IDDescription
CWECWE-863Incorrect Authorization
Type: CWE
CWE ID: CWE-863
Description: Incorrect Authorization
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Red Hat severity rating
value:
Moderate
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

Administrators should verify that disabling the Organizations feature properly blocks all organization-related functionality. Consider implementing additional access controls or removing organization memberships before disabling the feature.

Exploits
Credits
Red Hat would like to thank Evan Hendra (Independent Security Researcher) for reporting this issue.
Timeline
EventDate
Reported to Red Hat.2026-05-28 03:06:33
Made public.2026-05-28 03:08:53
Event: Reported to Red Hat.
Date: 2026-05-28 03:06:33
Event: Made public.
Date: 2026-05-28 03:08:53
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2026-9791
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2482458
issue-tracking
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-9791
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2482458
Resource:
issue-tracking
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:28 May, 2026 | 05:16
Updated At:28 May, 2026 | 13:44

A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect (OIDC) token with the 'organization' scope. This allows organization metadata to be disclosed in tokens, even after an administrator has explicitly disabled the Organizations feature, potentially leading to incorrect authorization decisions by resource servers.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-863Primarysecalert@redhat.com
CWE ID: CWE-863
Type: Primary
Source: secalert@redhat.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://access.redhat.com/security/cve/CVE-2026-9791secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2482458secalert@redhat.com
N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-9791
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2482458
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

254Records found
CVE-2023-39965
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.10%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 17:42
Updated-04 Oct, 2024 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
1Panel Unauthorized access in Backend

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access. Attackers can freely download the file content on the target system. This may cause a large amount of information leakage. Version 1.5.0 has a patch for this issue.

Action-Not Available
Vendor-FIT2CLOUD Inc.1Panel (FIT2CLOUD Inc.)
Product-1panel1Panel1panel
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-34958
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 40.26%
||
7 Day CHG~0.00%
Published-08 Jun, 2023 | 00:00
Updated-06 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID.

Action-Not Available
Vendor-chamilon/a
Product-chamilo_lmsn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-4745
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.23%
||
7 Day CHG~0.00%
Published-24 Feb, 2020 | 15:35
Updated-17 Sep, 2024 | 02:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL. IBM X-Force ID: 172883.

Action-Not Available
Vendor-IBM Corporation
Product-maximo_for_transportationmaximo_for_life_sciencesmaximo_asset_managementmaximo_for_oil_and_gasmaximo_for_utilitiesmaximo_for_nuclear_powermaximo_for_aviationMaximo Asset Management
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-12837
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.22%
||
7 Day CHG~0.00%
Published-31 Dec, 2019 | 16:53
Updated-04 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints.

Action-Not Available
Vendor-gencatn/a
Product-portal_d\'acces_a_la_universitatn/a
CWE ID-CWE-706
Use of Incorrectly-Resolved Name or Reference
CWE ID-CWE-863
Incorrect Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found