Description
A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining which files exist and are readable by the Keycloak process. This information disclosure could be used to identify high-value targets for follow-on attacks.
Published: 2026-06-25
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw allows someone who holds the manage‑realm role in Keycloak to submit an arbitrary filesystem path as the keystore parameter when creating a key provider component. This gives the attacker the ability to probe whether specific files exist and are readable by the Keycloak process, thereby revealing filesystem contents that should remain hidden. The impact is an information‑disclosure flaw that could be leveraged by an attacker to locate sensitive configuration or data files for use in subsequent attacks. The vulnerability is a classic Path Traversal weakness, corresponding to CWE‑22.

Affected Systems

The affected product is the Red Hat Build of Keycloak. No specific version range is provided, so all deployments of this vendor product may be susceptible until a patch becomes available.

Risk and Exploitability

The CVSS score of 4.9 indicates moderate severity. An attacker needs the manage‑realm role, limiting exploitation to users with elevated privileges within the realm. EPSS is not available and the flaw is not listed in CISA’s KEV catalog, indicating that public exploitation has not yet been reported. The primary impact remains information disclosure, yet the disclosed data could aid further attack attempts.

Generated by OpenCVE AI on June 25, 2026 at 18:07 UTC.

Remediation

Vendor Workaround

Ensure that only highly trusted administrators are granted the "manage-realm" role within Keycloak. This role provides extensive administrative privileges, including the ability to exploit this vulnerability for filesystem probing. Regularly review and audit users assigned to this role to minimize the attack surface.


OpenCVE Recommended Actions

  • Update to the latest Red Hat Keycloak release that fixes the path traversal flaw.
  • Restrict the manage‑realm role to only highly trusted administrators and audit assignments on a regular basis.
  • Disable or constrain the filesystem paths as keystore parameters during key provider creation, for example by enforcing server‑side validation or by modifying configuration settings.

Generated by OpenCVE AI on June 25, 2026 at 18:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:build_keycloak:26.4::el9
References

Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Thu, 25 Jun 2026 23:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat build Of Keycloak
Vendors & Products Redhat build Of Keycloak

Thu, 25 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:build_keycloak: cpe:/a:redhat:build_keycloak:26.6::el9
References

Thu, 25 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining which files exist and are readable by the Keycloak process. This information disclosure could be used to identify high-value targets for follow-on attacks.
Title Keycloak: keycloak: information disclosure through arbitrary filesystem path probing
First Time appeared Redhat
Redhat build Keycloak
Weaknesses CWE-22
CPEs cpe:/a:redhat:build_keycloak:
Vendors & Products Redhat
Redhat build Keycloak
References
Metrics cvssV3_1

{'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

Redhat Build Keycloak Build Of Keycloak
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-26T06:46:21.516Z

Reserved: 2026-05-20T14:11:59.940Z

Link: CVE-2026-9083

cve-icon Vulnrichment

Updated: 2026-06-25T17:53:36.331Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-25T15:58:16Z

Links: CVE-2026-9083 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T23:15:04Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')