Vulnerability Description
A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within the realm. This privilege escalation can occur when admin permissions are enabled at the realm level.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Build Of Keycloak | - |
| Redhat | Jboss Enterprise Application Platform | 8.0.0 |
| Redhat | Jboss Enterprise Application Platform Expansion Pack | - |
| Redhat | Single Sign-On | 7.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2026:6477
- https://access.redhat.com/errata/RHSA-2026:6478
- https://access.redhat.com/security/cve/CVE-2026-3121Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2442277Issue TrackingVendor Advisory
FAQ
What is CVE-2026-3121?
CVE-2026-3121 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrato...
How severe is CVE-2026-3121?
CVE-2026-3121 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-3121?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Build Of Keycloak, Redhat Jboss Enterprise Application Platform, Redhat Jboss Enterprise Application Platform Expansion Pack, Redhat Single Sign-On.