7.2
CVE-2026-3121
- EPSS 0.01%
- Published 26.03.2026 19:13:26
- Last modified 02.04.2026 14:16:31
- Source secalert@redhat.com
Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission
A flaw was found in Keycloak. When admin permissions are enabled at the realm level, an administrator who holds only the `manage-clients` permission is effectively granted the same capability as `manage-permissions`. That administrator can use this to escalate privileges and take control of roles, users, and other administrative functions within the realm. The precondition matters for triage: realms without admin permissions enabled at the realm level are not affected by this path.
Data provided by the National Vulnerability Database (NVD)
Red Hat ≫ Build of Keycloak (no version specified)
Red Hat ≫ JBoss Enterprise Application Platform 8.0.0
Red Hat ≫ Single Sign-On 7.0
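The advisory's precondition (admin permissions enabled at the realm level) plus the trigger role (`manage-clients`) are enough to write a first-pass triage check. The script below is an added example for this entry, not Keycloak's own code and not from the advisory. It assumes the realm-level flag is exposed as a key named `adminPermissionsEnabled` in a realm representation (the real field name may differ by Keycloak version) and that each user's effective roles on the built-in `realm-management` client have already been collected into a username-to-roles mapping, for instance from the Admin REST API's composite client role mappings. The sample realm and users are constructed inline so it runs offline.

```python
"""Triage helper for CVE-2026-3121 (Keycloak, manage-clients privilege escalation).

Added example, not Keycloak's own code and not part of the advisory. It lists
administrators who hold `manage-clients` without already being realm-admin, in
a realm where the advisory's precondition holds.

Assumptions (labelled): the realm flag key name ``adminPermissionsEnabled`` and
the shape of the per-user effective role mapping are assumptions; the sample
data is constructed and does not describe any real deployment.
"""
from __future__ import annotations

# Built-in client that carries Keycloak's administrative roles.
REALM_MANAGEMENT_CLIENT = "realm-management"
# Role named by the advisory as the escalation vector.
TRIGGER_ROLE = "manage-clients"
# realm-admin is the composite of every realm-management role; its holders
# already control the realm, so the flaw grants them nothing new.
FULL_CONTROL_ROLES = {"realm-admin"}
# Assumed name of the realm-level flag (see module docstring).
ADMIN_PERMISSIONS_FLAG = "adminPermissionsEnabled"


def realm_precondition_met(realm: dict) -> bool:
    """True when admin permissions are enabled at the realm level."""
    return bool(realm.get(ADMIN_PERMISSIONS_FLAG, False))


def find_exposed_admins(realm: dict, effective_roles: dict[str, list[str]]) -> list[str]:
    """Return usernames that could escalate via CVE-2026-3121 in this realm.

    A user is listed when the realm precondition holds, the user's effective
    realm-management roles include `manage-clients`, and the user does not
    already hold realm-admin. Sorted for stable reporting.
    """
    if not realm_precondition_met(realm):
        return []
    exposed = []
    for username, roles in effective_roles.items():
        role_set = set(roles)
        if TRIGGER_ROLE in role_set and not (role_set & FULL_CONTROL_ROLES):
            exposed.append(username)
    return sorted(exposed)


def report(realm: dict, effective_roles: dict[str, list[str]]) -> str:
    """One-line summary suitable for an incident ticket."""
    name = realm.get("realm")
    if not realm_precondition_met(realm):
        return f"realm {name!r}: admin permissions disabled at realm level, not exposed"
    exposed = find_exposed_admins(realm, effective_roles)
    if not exposed:
        return f"realm {name!r}: no administrators exposed"
    return (f"realm {name!r}: {len(exposed)} administrator(s) hold {TRIGGER_ROLE} on "
            f"{REALM_MANAGEMENT_CLIENT} without realm-admin: " + ", ".join(exposed))


# Constructed sample input (fictitious realm and users).
SAMPLE_REALM = {"realm": "acme", ADMIN_PERMISSIONS_FLAG: True}
SAMPLE_EFFECTIVE_ROLES = {
    "alice": ["realm-admin"],                    # already full control, excluded
    "bob": ["manage-clients", "view-users"],      # exposed
    "carol": ["view-clients", "query-users"],     # read-only roles, not exposed
    "dave": ["manage-clients", "manage-users"],   # exposed: can gain control of roles
}

if __name__ == "__main__":
    print(report(SAMPLE_REALM, SAMPLE_EFFECTIVE_ROLES))
```

Run it per realm after collecting the role mappings; an empty result for a realm whose flag is off means the advisory's precondition is absent, not that the instance is patched, so the fix should still be applied and the check re-run afterwards.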
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.017 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| secalert@redhat.com | 6.5 | 1.2 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |
CWE-266 Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.