Privilege escalation in Red Hat Build Of Keycloak

CVE-2026-12388

A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity pro…

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-12388?
CVE-2026-12388 is a medium-severity vulnerability in Red Hat Build Of Keycloak, classified under Incorrect Privilege Assignment. CVSS score: 6.5/10. Published 2026-06-30.
How severe is CVE-2026-12388?
Medium severity. CVSS v3 base score is 6.5 out of 10.