Comparison using wrong factors in Keycloak - CVE-2026-9800
Published: June 29, 2026
Keycloak
Detailed vulnerability description
The vulnerability allows a remote user to bypass authorization policies and gain unauthorized access to protected resources.
The vulnerability exists due to comparison using wrong factors in the Keycloak Policy Enforcer when handling request URLs containing the configured access-denied page path. A remote user can include the configured access-denied page path in a request URL as a path segment or query parameter to bypass authorization policies and gain unauthorized access to protected resources.
This can bypass role, scope, and User-Managed Access (UMA) permission checks.