What is CVE-2026-11800?

CVE-2026-11800 is a high-severity vulnerability in Red Hat Build Of Keycloak, classified under Improper Verification of Cryptographic Signature. CVSS score: 8.1/10. Published 2026-06-25.

How severe is CVE-2026-11800?

High severity. CVSS v3 base score is 8.1 out of 10.

Vulnerability in Red Hat Build Of Keycloak

CVE-2026-11800

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can creat…

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Red Hat Build Of Keycloak
Red Hat Build Of Keycloak 26.6 — versions 26.6.4-2, 26.6-8
Red Hat Build Of Keycloak 26.6.4
Red Hat Data Grid 8
Red Hat Jboss Enterprise Application Platform Expansion Pack
Red Hat Single Sign-on 7

Weakness classification (CWE)

CWE-347 — Improper Verification of Cryptographic Signature

References

secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vdb-entry)
secalert@redhat.com (x_refsource_REDHAT, issue-tracking)

Frequently asked questions

What is CVE-2026-11800?: CVE-2026-11800 is a high-severity vulnerability in Red Hat Build Of Keycloak, classified under Improper Verification of Cryptographic Signature. CVSS score: 8.1/10. Published 2026-06-25.
How severe is CVE-2026-11800?: High severity. CVSS v3 base score is 8.1 out of 10.