MEDIUM 5.9

CVE-2026-9793: Keycloak JWE Signature Bypass in OIDC Request Objects

Keycloak has a vulnerability in how it handles encrypted OpenID Connect requests. When a JWE-encrypted request object arrives, Keycloak may skip signature verification on the decrypted JSON claims, allowing an attacker to inject unauthorized claims into the OIDC authorization flow. This bypasses a key security control designed to ensure claims haven't been tampered with. The vulnerability is classified as medium severity because while it compromises data integrity, exploitation requires specific conditions and the redirect URI allowlist provides some defense-in-depth protection.

Source data · NVD / CISA · public domain

CVSS
3.1 · 5.9 MEDIUM · CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Weaknesses (CWE)
CWE-347
Affected products
1 configuration(s)
Published / Modified
2026-05-28 / 2026-06-17

NVD description (verbatim)

A flaw was found in Keycloak. When a JSON Web Encryption (JWE) encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leading to a compromise of data integrity within the OpenID Connect (OIDC) authorization flow. While a redirect URI allowlist acts as a compensating control, this vulnerability violates OIDC Core and Financial-grade API (FAPI) signing requirements.

2 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

The vulnerability exists in Keycloak's JWE decryption logic for OIDC request objects. When a request object is JWE-encrypted, the decrypted content is processed without properly enforcing the signature policy. If the decrypted payload is raw JSON rather than a nested signed JWT, Keycloak fails to validate the signature, treating unsigned claims as valid. This violates the OIDC Core specification and FAPI specification requirements, both of which mandate signature verification. An attacker can craft a malicious JWE-encrypted request containing forged claims (such as redirect_uri, client_id, or scope modifications) that will be accepted without cryptographic proof of authenticity. The redirect URI allowlist mitigates exposure by restricting where the authorization code can be sent, but does not prevent the integrity violation itself.

Business impact

An attacker exploiting this vulnerability could inject unauthorized claims into the OAuth/OIDC flow, potentially escalating privileges, altering requested scopes, or manipulating user context within an OIDC-federated system. For organizations using Keycloak as a central identity provider, this risks unauthorized access grants and data integrity breaches. Customers relying on OIDC for secure API delegation or financial services (FAPI compliance) face particular exposure, as the vulnerability directly contradicts compliance requirements. The actual business impact depends on downstream relying parties' implementation maturity—strict validation of claims may limit some attack vectors, but the core integrity guarantee is broken.

Affected systems

Red Hat Build of Keycloak is affected. Organizations running Keycloak as an identity provider, especially in OIDC-federated or FAPI-regulated deployments, should assess their deployment versions. Keycloak is commonly used in containerized and cloud-native environments for authentication and authorization, so impact extends across any client application consuming OIDC tokens from an affected Keycloak instance.

Exploitability

Exploitation requires crafting a valid JWE-encrypted request object and submitting it to Keycloak's authorization endpoint. The attacker must have knowledge of the encryption key or be able to observe its use, raising the attack complexity. However, the attack does not require user interaction or authentication. Once a malicious request is submitted, the unsigned claims are accepted, making the post-exploitation steps straightforward. The redirect URI allowlist acts as a partial control by limiting where authorization codes can be returned, but does not prevent claim injection itself. Overall exploitability is moderate given the need to construct valid JWE payloads, but the barrier is not prohibitively high for a motivated attacker with network access.

Remediation

Apply a security update from Red Hat addressing the JWE decryption logic to enforce signature verification regardless of whether decrypted content is a signed JWT or raw JSON. Verify against the Red Hat advisory for the specific patched version of Build of Keycloak. Until patching is feasible, strengthen compensating controls: enforce strict validation of critical claims (redirect_uri, client_id, scope) on the relying party side, implement request object signing requirements in client configurations, and audit OIDC token usage for anomalies. Monitor for suspicious authorization requests with unusual claim values.

Patch guidance

Check the Red Hat security advisory for Build of Keycloak to identify the patched version that resolves the signature verification bypass. Apply patches through your standard Keycloak update process, testing in a staging environment first to ensure compatibility with client integrations. If Keycloak is containerized, rebuild and redeploy container images with the patched version. Verify that the patch enforces signature verification on decrypted request objects before rolling out to production. Given the OIDC/FAPI compliance implications, document the remediation as part of compliance evidence.

Detection guidance

Monitor Keycloak authorization endpoint logs for requests with JWE-encrypted request objects that contain raw JSON claims (indicating the decryption pathway is in use). Look for authorization requests where the redirect_uri, scope, or client_id differ unexpectedly from legitimate patterns, or where claims appear unsigned. Implement OIDC request validation on the relying party side: reject requests where critical claims lack cryptographic proof of origin. Enable detailed audit logging in Keycloak to capture request object content and signature status. Search for spikes in failed or anomalous authorization requests that may indicate attack attempts.

Why prioritize this

Despite medium CVSS severity, this vulnerability warrants prioritization for organizations relying on Keycloak for OIDC federation or FAPI compliance. The integrity of the OIDC authorization flow is fundamental to zero-trust architecture and federated identity security. While the attack complexity is moderate, the violation of core specification requirements and the potential for privilege escalation or scope expansion make it a control-plane vulnerability. Financial services, healthcare, and government deployments should treat this as high priority. General enterprises should address it in their next maintenance window but not defer indefinitely.

Risk score, explained

The CVSS 3.1 score of 5.9 (MEDIUM) reflects no impact on confidentiality or availability, but HIGH impact on integrity. The attack vector is network-based, but attack complexity is HIGH (due to JWE crafting requirements), and no privileges or user interaction are required. The scope is unchanged. The score appropriately captures the integrity-focused nature of the vulnerability, though organizations with strict data integrity or compliance requirements should factor in business context beyond the base score.

Frequently asked questions

Does this vulnerability allow remote code execution or system compromise?

No. This vulnerability is limited to integrity of OIDC claims within the authorization flow. It does not enable code execution, denial of service, or compromise of Keycloak's confidentiality. The attacker can inject or modify claims, not directly access sensitive data or disrupt service.

If we use only signed request objects (not JWE-encrypted), are we safe?

Signed request objects without encryption follow a different code path and are not vulnerable to this specific issue, as they do not undergo JWE decryption. However, verify your Keycloak configuration and the OIDC client specifications in use. The vulnerability specifically affects JWE-encrypted request objects, so clients not using that feature have reduced exposure, though they should still patch for defense-in-depth.

What is the difference between this vulnerability and general OIDC replay or substitution attacks?

This vulnerability is specific to Keycloak's implementation of JWE decryption for request objects. It allows unsigned claims to be accepted after decryption, bypassing the signature policy. General OIDC attacks focus on token theft, code substitution, or state parameter manipulation. This vulnerability targets the request object integrity check itself, making it a fundamental control-plane flaw rather than a token-level attack.

Is the redirect URI allowlist sufficient protection until we patch?

The redirect URI allowlist provides partial mitigation by restricting where authorization codes can be sent, reducing the attacker's ability to capture the code. However, it does not prevent the integrity violation—forged claims are still accepted and honored by Keycloak. It should not be relied upon as a sole compensating control. Strong relying party validation and patching are essential.

This analysis is based on public CVE data as of the publication date. Verify all technical details, affected versions, and patch availability against the official Red Hat security advisory and Keycloak release notes before deploying patches or remediation measures. CVE-2026-9793 is not currently listed on the CISA Known Exploited Vulnerabilities catalog. SEC.co does not provide legal or compliance advice; organizations should consult their compliance and risk teams regarding FAPI or other regulatory implications. Proof-of-concept code or weaponized exploits are not discussed in this analysis. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).