What is CVE-2026-9088?

CVE-2026-9088 is a low-severity vulnerability in Red Hat Build Of Keycloak, classified under CWE-1220. CVSS score: 2.7/10. Published 2026-06-05.

How severe is CVE-2026-9088?

Low severity. CVSS v3 base score is 2.7 out of 10.

Vulnerability in Red Hat Build Of Keycloak

CVE-2026-9088

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user a…

CVSS v3 metric

CVSS v3 base score 2.7 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N.

Affected products

Red Hat Build Of Keycloak

Weakness classification (CWE)

CWE-1220

References

secalert@redhat.com (x_refsource_REDHAT, vdb-entry)
secalert@redhat.com (x_refsource_REDHAT, issue-tracking)

Frequently asked questions

What is CVE-2026-9088?: CVE-2026-9088 is a low-severity vulnerability in Red Hat Build Of Keycloak, classified under CWE-1220. CVSS score: 2.7/10. Published 2026-06-05.
How severe is CVE-2026-9088?: Low severity. CVSS v3 base score is 2.7 out of 10.