{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-9088", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-05-20T15:01:48.645Z", "datePublished": "2026-06-05T07:52:52.858Z", "dateUpdated": "2026-06-26T07:01:31.888Z"}, "containers": {"cna": {"title": "Keycloak: keycloak: information disclosure due to user profile permission bypass", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied, leading to information disclosure."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "26.4.13-1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9", "defaultStatus": "affected", "versions": [{"version": "26.4-19", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "26.4-19", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4.13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "rhbk/keycloak-rhel9", "cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.6", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "26.6.3-3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.6::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.6", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9", "defaultStatus": "affected", "versions": [{"version": "26.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.6::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.6", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "26.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.6::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.6.3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "rhbk/keycloak-rhel9", "cpes": ["cpe:/a:redhat:build_keycloak:26.6::el9"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:25097", "name": "RHSA-2026:25097", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:25098", "name": "RHSA-2026:25098", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:30049", "name": "RHSA-2026:30049", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:30050", "name": "RHSA-2026:30050", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2026-9088", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480179", "name": "RHBZ#2480179", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-06-05T07:45:40.116Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-1220", "description": "Insufficient Granularity of Access Control", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-1220: Insufficient Granularity of Access Control", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "timeline": [{"lang": "en", "time": "2026-05-20T15:01:25.568Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-06-05T07:45:40.116Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Hadley So for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-26T07:01:31.888Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-05T13:10:30.927804Z", "id": "CVE-2026-9088", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-05T13:10:40.187Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-9088", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-05T13:10:30.927804Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-05T13:10:35.440Z"}}], "cna": {"title": "Keycloak: keycloak: information disclosure due to user profile permission bypass", "credits": [{"lang": "en", "value": "Red Hat would like to thank Hadley So for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "versions": [{"status": "unaffected", "version": "26.4.13-1", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "versions": [{"status": "unaffected", "version": "26.4-19", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "versions": [{"status": "unaffected", "version": "26.4-19", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4.13", "packageName": "rhbk/keycloak-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.6::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.6", "versions": [{"status": "unaffected", "version": "26.6.3-3", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.6::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.6", "versions": [{"status": "unaffected", "version": "26.6-6", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.6::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.6", "versions": [{"status": "unaffected", "version": "26.6-6", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.6::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.6.3", "packageName": "rhbk/keycloak-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-05-20T15:01:25.568Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-06-05T07:45:40.116Z", "value": "Made public."}], "datePublic": "2026-06-05T07:45:40.116Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:25097", "name": "RHSA-2026:25097", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:25098", "name": "RHSA-2026:25098", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:30049", "name": "RHSA-2026:30049", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:30050", "name": "RHSA-2026:30050", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2026-9088", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480179", "name": "RHBZ#2480179", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied, leading to information disclosure."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1220", "description": "Insufficient Granularity of Access Control"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-26T07:01:31.888Z"}, "x_redhatCweChain": "CWE-1220: Insufficient Granularity of Access Control"}}, "cveMetadata": {"cveId": "CVE-2026-9088", "state": "PUBLISHED", "dateUpdated": "2026-06-26T07:01:31.888Z", "dateReserved": "2026-05-20T15:01:48.645Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-06-05T07:52:52.858Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied, leading to information disclosure."}], "id": "CVE-2026-9088", "lastModified": "2026-06-10T22:17:03.250", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2026-06-05T08:16:30.990", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:25097"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2026:25098"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2026-9088"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480179"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1220"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Hadley So for reporting this issue.", "bugzilla": {"description": "keycloak: Keycloak: Information disclosure due to user profile permission bypass", "id": "2480179", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480179"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-1220", "details": ["A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied, leading to information disclosure."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-9088", "package_state": [{"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Affected", "package_name": "rhbk/keycloak-rhel9", "product_name": "Red Hat Build of Keycloak"}], "public_date": "2026-06-05T07:45:40Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-9088\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-9088"], "statement": "Low: A flaw in Keycloak allows administrators with delegated access to read group memberships and users to bypass user profile permissions. This enables the viewing of user attributes that are configured to be denied, impacting data confidentiality for specific administrative roles.", "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 98.0, "source": "matching"}]}, "product": "build_keycloak", "vendor": "redhat"}, {"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 98.0, "source": "matching"}]}, "original": {"product": "Red Hat Build of Keycloak", "source": "cna", "vendor": "Red Hat"}, "product": "build_of_keycloak", "vendor": "redhat"}], "created": "2026-06-05T10:00:13.549284+00:00", "updated": "2026-06-05T12:30:40.439683+00:00", "vendors": ["redhat", "redhat$PRODUCT$build_keycloak", "redhat$PRODUCT$build_of_keycloak"]}