Keycloak
26.6.4SecurityKeycloak 26.6.4 is a security release fixing eight CVEs, including two critical issues (privilege escalation and JWT authentication bypass) and four high-severity authorization bypasses. Operators should upgrade promptly; the release also bumps Quarkus to 3.33.2.1.
securityTwo critical vulnerabilities: group-admin escalation and JWT auth bypass
CVE-2026-9099 lets a group admin escalate to realm-admin, and CVE-2026-11800 allows authentication bypass via JWT algorithm confusion. Both are rated critical. Upgrade to 26.6.4 as soon as possible.
securityFour high-severity authorization and access-control bypasses
CVE-2026-9705 (client takeover via registration access token), CVE-2026-9795 (privilege escalation via scope mapping), CVE-2026-9799 (UMA permission ticket bypass), and CVE-2026-9800 (policy enforcer authorization bypass via incorrect URI comparison) are all rated high. If you use UMA authorization, fine-grained scope mappings, or the Policy Enforcer, prioritize this upgrade.
securityTwo medium-severity issues: info disclosure and XSS
CVE-2026-9083 (filesystem path probing) and CVE-2026-9086 (XSS via case-insensitive URI validation bypass) are rated medium and round out the fix set.
主な変更 (5)
- Eight CVEs fixed in this release, two rated critical: CVE-2026-9099 (group-admin to realm-admin escalation) and CVE-2026-11800 (JWT algorithm confusion auth bypass)
- Four high-severity fixes: client takeover via registration access token (CVE-2026-9705), scope-mapping privilege escalation (CVE-2026-9795), UMA permission ticket bypass (CVE-2026-9799), and Policy Enforcer authorization bypass via URI comparison (CVE-2026-9800)
- Two medium-severity fixes: filesystem path probing information disclosure (CVE-2026-9083) and URI validation bypass XSS (CVE-2026-9086)
- Quarkus dependency bumped to 3.33.2.1
- Minor build and packaging fixes: Infinispan protoschema build on the 26.2 branch, CI fixes for JS and Admin Client test suites, keycloak-api-docs-dist packaging, plus a migration guide reference correction