Multiple vulnerabilities in KeyCloak (June 29, 2026)
Multiple vulnerabilities have been discovered in KeyCloak. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation, and data confidentiality breaches.
CSIRTS triage
- What
- Multiple vulnerabilities can lead to remote code execution, privilege escalation, and data confidentiality breaches.
- Who is affected
- Users of KeyCloak, specifics not detailed in the advisory.
- Urgency
- Remediation is urgent due to the potential for serious security breaches.
- Action
- Update KeyCloak to the latest version to mitigate these vulnerabilities.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch KeyCloak
Get an email when a new KeyCloak advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0815/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-90860.42% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 34% of all scored CVEs.
- Low exploitation riskCVE-2026-90990.29% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 21% of all scored CVEs.
- Low exploitation riskCVE-2026-98000.30% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 22% of all scored CVEs.
- Low exploitation riskCVE-2026-97950.29% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 21% of all scored CVEs.
- Low exploitation riskCVE-2026-97050.27% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 18% of all scored CVEs.
- Low exploitation riskCVE-2026-97990.17% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 6% of all scored CVEs.
- Low exploitation riskCVE-2026-90830.52% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 40% of all scored CVEs.
- Low exploitation riskCVE-2026-118000.18% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 8% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-9086 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-9099 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-9800 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-9795 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-9705 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-9799 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-9083 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-11800 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
Recent advisories for KeyCloak
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- medium[UPDATE] [medium] Keycloak (admin-ui-ext): Vulnerability allows file manipulationcert-bund · 2026-07-09
- medium[UPDATE] [medium] Keycloak: Multiple vulnerabilitiescert-bund · 2026-07-09
- high[UPDATE] [high] Keycloak: Multiple vulnerabilitiescert-bund · 2026-07-09
- medium[NEW] [UNPATCHED] [medium] Keycloak: Multiple vulnerabilitiescert-bund · 2026-07-06
- criticalCVE-2026-53913: Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely ('…nvd · 2026-07-06
- criticalCVE-2026-46455: Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-ke…nvd · 2026-07-06
More from CERT-FR Avis de sécurité
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Ubuntu Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Progress MOVEit Transfer (July 10, 2026)2026-07-10
- unknownVulnerability in NetApp ONTAP 9 (July 10, 2026)2026-07-10
- unknownVulnerability in CPython (July 10, 2026)2026-07-10