Privilege escalation in Red Hat Build Of Keycloak
CVE-2026-12388
A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity pro…
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N.
Affected products
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_REDHAT, vdb-entry)
- secalert@redhat.com (x_refsource_REDHAT, issue-tracking)
Frequently asked questions
- What is CVE-2026-12388?
- CVE-2026-12388 is a medium-severity vulnerability in Red Hat Build Of Keycloak, classified under Incorrect Privilege Assignment. CVSS score: 6.5/10. Published 2026-06-30.
- How severe is CVE-2026-12388?
- Medium severity. CVSS v3 base score is 6.5 out of 10.