8.1

CVE-2026-11800

Org.keycloak:keycloak-services: keycloak: authentication bypass via jwt algorithm confusion

Authentication bypass via jwt algorithm confusion

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to impersonate any federated user linked to the affected Identity Provider, leading to unauthorized access and potential privilege escalation.
Mögliche Gegenmaßnahme
Keycloak Server: Install latest version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatBuild Of Keycloak Version >= 26.6 < 26.6.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Weitere Schwachstelleninformationen
SystemKeycloak
Produkt Keycloak Server
Version < 26.6.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.078
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://access.redhat.com/errata/RHSA-2026:30083
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:30084
Vendor Advisory
https://access.redhat.com/security/cve/CVE-2026-11800
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2487006
Vendor Advisory
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-11800.json
Vendor Advisory
https://github.com/keycloak/keycloak/security/advisories/GHSA-j97h-3f8r-mrjr
Third Party Advisory