Keycloak Privilege Escalation Vulnerability via Misconfigured Client Management Permissions

Vulnerability

A privilege escalation vulnerability exists in Keycloak. When admin permissions are enabled at the realm level, a misconfiguration treats the 'manage-clients' permission as equivalent to 'manage-permissions'. An administrator who holds only 'manage-clients' can therefore escalate privileges and take control of roles, users, or other administrative functions within the realm.

Impact

Exploitation of this vulnerability allows an administrator to escalate privileges and gain control over roles, users, and other administrative functions within the realm.

Reproduction

To reproduce this vulnerability, enable admin permissions at the realm level. Then create an admin user and grant it the 'manage', 'view', and 'list' clients permissions. This user can then use the misconfiguration to reach 'manage-permissions' functionality.
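From the defender's side, the practical question is which accounts effectively hold 'manage-clients' in a realm where admin permissions are switched on, since those are the accounts this issue affects. The script below is an added example written for this page, not Keycloak's own code or part of the advisory. It audits a realm export (the JSON produced by Keycloak's realm export, whose 'roles', 'groups', 'users' and 'clientRoles' fields are used here) and reports every user who reaches 'manage-clients' directly, through a composite role such as 'realm-admin', or through group membership, including roles inherited from parent groups. The realm flag name 'adminPermissionsEnabled' is an assumption about the export field; confirm it against your Keycloak version. The sample realm is constructed for the example, and its 'query-clients' role stands in for the 'list' clients permission the advisory mentions.

```python
import json
import sys

REALM_MGMT = "realm-management"
# Per the advisory, manage-clients is treated as manage-permissions once
# realm-level admin permissions are enabled, so it is the role to hunt for.
SENSITIVE_ROLES = {"manage-clients"}


def index_roles(realm):
    """Map realm-management client role name -> RoleRepresentation dict."""
    client_roles = realm.get("roles", {}).get("client", {})
    return {r["name"]: r for r in client_roles.get(REALM_MGMT, [])}


def expand(names, roles_by_name):
    """Transitively expand composite roles into the set of effective role names."""
    seen, stack = set(), list(names)
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        composites = roles_by_name.get(name, {}).get("composites", {})
        stack.extend(composites.get("client", {}).get(REALM_MGMT, []))
    return seen


def group_roles(realm):
    """Flatten the group tree: path -> realm-management roles a member gets.

    Keycloak members of a subgroup inherit the roles of every parent group,
    so inherited roles are carried down while walking.
    """
    out = {}

    def walk(group, inherited):
        mine = set(inherited) | set(group.get("clientRoles", {}).get(REALM_MGMT, []))
        out[group["path"]] = mine
        for sub in group.get("subGroups", []):
            walk(sub, mine)

    for g in realm.get("groups", []):
        walk(g, set())
    return out


def audit(realm):
    """Return findings for users who effectively hold a sensitive role.

    Returns [] when admin permissions are off, because the advisory's
    equivalence only arises when they are enabled at the realm level.
    """
    if not realm.get("adminPermissionsEnabled", False):  # assumed field name
        return []
    roles_by_name = index_roles(realm)
    by_group = group_roles(realm)
    findings = []
    for user in realm.get("users", []):
        direct = set(user.get("clientRoles", {}).get(REALM_MGMT, []))
        for path in user.get("groups", []):
            direct |= by_group.get(path, set())
        hit = expand(direct, roles_by_name) & SENSITIVE_ROLES
        if hit:
            findings.append({"username": user["username"],
                             "roles": sorted(hit),
                             "via": sorted(direct)})
    return findings


# Constructed sample realm export (not real data).
SAMPLE_REALM = {
    "realm": "demo",
    "adminPermissionsEnabled": True,
    "roles": {"client": {REALM_MGMT: [
        {"name": "manage-clients", "composite": False},
        {"name": "view-clients", "composite": False},
        {"name": "query-clients", "composite": False},  # the 'list' permission
        {"name": "realm-admin", "composite": True,
         "composites": {"client": {REALM_MGMT: [
             "manage-clients", "view-clients", "query-clients"]}}},
    ]}},
    "groups": [{"name": "ops", "path": "/ops",
                "clientRoles": {REALM_MGMT: ["manage-clients"]},
                "subGroups": [{"name": "oncall", "path": "/ops/oncall",
                               "subGroups": []}]}],
    "users": [
        {"username": "client-admin",
         "clientRoles": {REALM_MGMT: ["manage-clients", "view-clients", "query-clients"]}},
        {"username": "superadmin", "clientRoles": {REALM_MGMT: ["realm-admin"]}},
        {"username": "oncall-eng", "groups": ["/ops/oncall"]},
        {"username": "viewer", "clientRoles": {REALM_MGMT: ["view-clients"]}},
    ],
}

if __name__ == "__main__":
    # Pass a realm export path to audit a real realm; otherwise use the sample.
    realm = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_REALM
    print(json.dumps(audit(realm), indent=2))
```

Three of the four sample users are reported: 'client-admin' holds the role directly, 'superadmin' reaches it through the 'realm-admin' composite, and 'oncall-eng' inherits it from the parent '/ops' group. 'viewer' is not reported, and nothing is reported at all when 'adminPermissionsEnabled' is false. Run against a real export, the 'via' field tells you which direct assignment to review or remove.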

Added: Mar 26, 2026, 7:22 PM
Updated: Mar 26, 2026, 7:22 PM

Vulnerability Rating

Custom Algorithm

Category         Score
spread           5.2
impact           5.0
exploitability   6.8
remediation      7.9
relevance        4.7
threat           6.4
urgency          2.9
incentive        0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.