CVE-2026-9083

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

4.9 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N                                    

Vulnerability Description

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining which files exist and are readable by the Keycloak process. This information disclosure could be used to identify high-value targets for follow-on attacks.

Vulnerability Details

Published Date

June 25, 2026

Last Modified

June 26, 2026

CWE ID

CWE-22

Source

NVD

External References

https://access.redhat.com/errata/RHSA-2026:30049
https://access.redhat.com/errata/RHSA-2026:30050
https://access.redhat.com/errata/RHSA-2026:30083
https://access.redhat.com/errata/RHSA-2026:30084
https://access.redhat.com/security/cve/CVE-2026-9083
https://bugzilla.redhat.com/show_bug.cgi?id=2480168

CVE-2026-9083

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment