CVE-2026-9791: Keycloak Organization Metadata Disclosure in OIDC Tokens
An authenticated user who belongs to a Keycloak organization can request tokens or access APIs in ways that expose organization metadata, even after an administrator has turned off the Organizations feature. This metadata leakage could cause downstream applications (resource servers) to make incorrect access control decisions based on stale or unintended organization information.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 4.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Weaknesses (CWE)
- CWE-863
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-05-28 / 2026-06-26
NVD description (verbatim)
A flaw was found in Keycloak. An authenticated user with existing organization membership can exploit this flaw by accessing user-facing APIs, such as the account API or by requesting an OpenID Connect (OIDC) token with the 'organization' scope. This allows organization metadata to be disclosed in tokens, even after an administrator has explicitly disabled the Organizations feature, potentially leading to incorrect authorization decisions by resource servers.
6 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-9791 is an authorization bypass vulnerability in Keycloak related to improper metadata disclosure. An authenticated attacker with existing organization membership can invoke the account API or request an OIDC token with the 'organization' scope to extract organization metadata from tokens. The flaw persists even when the Organizations feature is administratively disabled, violating the principle of least privilege and the expectation that disabled features should not leak sensitive information. The vulnerability maps to CWE-863 (Incorrect Authorization) and is assigned a CVSS 3.1 score of 4.3 (Medium severity) under a low-complexity network vector with low privilege requirements.
Business impact
The disclosure of organization metadata in tokens could enable lateral movement or privilege escalation within federated identity deployments. Downstream applications relying on organization claims to enforce access control may grant unauthorized access based on stale organizational information. This is particularly concerning in multi-tenant environments where strict organizational boundaries are critical for data isolation. Remediation delays extend exposure, especially in large deployments where patch deployment cycles are lengthy.
Affected systems
Red Hat Build of Keycloak is the primary affected product. Organizations using Keycloak for identity and access management, particularly those leveraging the Organizations feature or those with multi-tenant architectures, should assess their exposure. The vulnerability requires authentication, so unauthenticated attackers cannot trigger it directly; however, any user account with organization membership can exploit it.
Exploitability
Exploitability is straightforward for an attacker with valid credentials. The attack vector is network-based, requires low privilege (basic user account), and involves no complex interactions or user interaction (UI:N). An attacker simply authenticates and requests a token with the 'organization' scope or calls the account API to retrieve metadata. No specialized tools or advanced techniques are required. However, the attack requires pre-existing legitimate access—an attacker must already be an authenticated member of an organization. The CVSS score of 4.3 reflects this limited blast radius.
Remediation
Keycloak administrators should immediately apply patches provided by Red Hat for the Build of Keycloak. Verify the specific patch version in the Red Hat security advisory. As an interim mitigation, review organization feature usage and disable the Organizations feature entirely if not actively required. Audit token scopes issued in OIDC flows to ensure 'organization' claims are not granted to applications that do not require them. Monitor logs for suspicious requests to the account API from users with organization membership.
Patch guidance
Consult the Red Hat Build of Keycloak security advisory for the specific version addressing CVE-2026-9791. Once available, prioritize patching non-production instances first to test token claim behavior and verify that organization metadata is no longer exposed after the patch is applied. Update OIDC scope policies to remove unnecessary 'organization' scope claims from client configurations. Test all dependent applications to confirm they handle the absence of organization metadata correctly.
Detection guidance
Monitor account API access logs for unusual patterns of requests from authenticated users, particularly those accessing organization-related endpoints. Inspect issued OIDC tokens for the presence of organization claims; tokens from instances with Organizations disabled should never contain such claims. Set up alerts for token requests that include the 'organization' scope, especially from service accounts or users outside your trusted administrator groups. Review token lifetime and rotation policies to limit the window in which leaked metadata can be exploited.
Why prioritize this
Although the CVSS score is medium (4.3) and the attack requires authentication, the vulnerability poses a real risk in multi-tenant and federated identity scenarios. The implicit trust that administrators place in disabled features being truly inactive makes this a priority for remediation. Organizations with sensitive organizational boundaries (healthcare, finance, government sectors) should patch promptly. The vulnerability is not listed on the KEV (Known Exploited Vulnerabilities) catalog, but the straightforward attack mechanism and low complexity mean active exploitation could emerge quickly.
Risk score, explained
The CVSS 3.1 score of 4.3 (Medium) reflects the combination of a low attack complexity, low privilege requirement, and network-based vector, but is tempered by the authentication requirement and limited impact scope (confidentiality impact only; no integrity or availability impact). The score appropriately characterizes a vulnerability that is easy to exploit but affects only information disclosure. In practice, the business risk may be higher in organizations where unauthorized access to organizational metadata could cascade into broader access control failures.
Frequently asked questions
Can an unauthenticated attacker exploit this vulnerability?
No. The vulnerability explicitly requires an authenticated user with existing organization membership. An attacker without valid credentials cannot trigger it.
What happens if we disable the Organizations feature? Are we protected?
Disabling the Organizations feature administratively should prevent organization metadata from being exposed, but this vulnerability demonstrates that it does not. Metadata may still leak through tokens or API responses. Patching is required to fully resolve the issue.
Which downstream applications are at risk?
Any resource server or application that makes authorization decisions based on organization claims in OIDC tokens is potentially at risk. If the application trusts organization metadata to enforce role-based or attribute-based access control, it could be tricked into granting unintended access.
Is this vulnerability in the CISA KEV catalog?
No, this vulnerability is not currently listed on the Known Exploited Vulnerabilities (KEV) catalog as of the publication date. However, the straightforward nature of the attack means exploitation could become widespread if patching is delayed.
This analysis is based on publicly disclosed vulnerability information current as of the modified date (2026-06-26). Patch availability and specific remediation steps should be verified against the official Red Hat Build of Keycloak security advisory. Organizations should conduct their own risk assessments based on their specific deployment, architecture, and reliance on organization-based access control. SEC.co provides this information for educational and strategic planning purposes; it does not constitute legal, compliance, or technical support advice. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-10211MEDIUMAstrBot 4.23.6 Path Normalization Authorization Bypass
- CVE-2026-10616MEDIUMAuthorization Bypass in nextlevelbuilder GoClaw Task Completion
- CVE-2026-10815MEDIUMAuthorization Bypass in Hostel Management System PHP
- CVE-2026-10860MEDIUMMISP Delete Validation Bypass – Logic Error in HTTP DELETE Handler
- CVE-2026-32906MEDIUMOpenClaw Privilege Escalation in Slack Plugin Approvals
- CVE-2026-34507MEDIUMOpenClaw QQBot Admin Command Policy Bypass (CVSS 5.4)
- CVE-2026-35673MEDIUMOpenClaw SSRF Policy Bypass in Debug and Export Routes
- CVE-2026-40914MEDIUMApache Artemis STOMP Protocol Authorization Bypass