4.9
CVE-2026-9083
- EPSS 0.52%
- Veröffentlicht 25.06.2026 16:17:49
- Zuletzt bearbeitet 01.07.2026 17:22:17
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Keycloak: keycloak: information disclosure through arbitrary filesystem path probing
Information disclosure through arbitrary filesystem path probing
A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining which files exist and are readable by the Keycloak process. This information disclosure could be used to identify high-value targets for follow-on attacks.
Mögliche Gegenmaßnahme
Keycloak Server: Install latest version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Build Of Keycloak Version >= 26.4 < 26.4.13
Redhat ≫ Build Of Keycloak Version >= 26.6 < 26.6.4
VulnDex Vulnerability Enrichment
Weitere Schwachstelleninformationen
SystemKeycloak
≫
Produkt
Keycloak Server
Version
< 26.6.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.52% | 0.402 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
https://access.redhat.com/security/cve/CVE-2026-9083
https://bugzilla.redhat.com/show_bug.cgi?id=2480168
https://access.redhat.com/errata/RHSA-2026:30083
https://access.redhat.com/errata/RHSA-2026:30084
https://access.redhat.com/errata/RHSA-2026:30049
https://access.redhat.com/errata/RHSA-2026:30050
https://github.com/keycloak/keycloak/security/advisories/GHSA-9jrw-8xf7-xqhq