CVE-2026-9796: Keycloak TOCTOU Privilege Escalation—Persistent Realm-Admin Access
Keycloak has a timing vulnerability that allows an authenticated administrator with `manage-clients` permissions to temporarily escalate themselves to `realm-admin` role during a narrow window when role checks occur. Once granted, this elevated access persists indefinitely—even after the attacker's own admin permissions are removed or the system restarts. This creates a privilege escalation path that is difficult to detect and remediate after the fact.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
- Weaknesses (CWE)
- CWE-367
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-05-28 / 2026-06-17
NVD description (verbatim)
A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can exploit a Time-of-check to time-of-use (TOCTOU) vulnerability in the name-based admin role checks. This allows the attacker to escalate their privileges to `realm-admin` for all users within the realm, granting them extensive control over the system. The composite role relationship persists even after the attacker's own permissions are revoked and across system reboots.
2 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-9796 is a Time-of-check to time-of-use (TOCTOU) flaw in Keycloak's name-based admin role validation logic. An authenticated principal holding the `manage-clients` role can race a state change to inject themselves into the `realm-admin` composite role before authorization checks complete. The composite role relationship is persisted to the database and becomes independent of the attacker's original role memberships. Subsequent revocation of the attacker's `manage-clients` role does not automatically cascade to remove the maliciously-assigned `realm-admin` membership, allowing the privilege escalation to survive administrative remediation attempts and system restarts.
Business impact
Compromise of Keycloak's role-based access control (RBAC) model undermines the entire identity federation and authorization foundation it provides to dependent applications. An attacker gaining `realm-admin` can modify user accounts, change authentication policies, exfiltrate credentials, redirect authentication flows, or lock legitimate administrators out of the system. In multi-tenant deployments, realm-wide compromise may affect hundreds or thousands of downstream applications and user accounts. Recovery requires database-level role auditing and manual cleanup, not simply removing the attacker's account.
Affected systems
Red Hat Build of Keycloak is the confirmed affected product line. Organizations running Keycloak in any deployment model (on-premises, containerized, cloud-hosted) that have users with `manage-clients` admin role are at risk. The vulnerability requires authenticated access and elevated but not maximum privileges, making it exploitable by a broad class of internal administrators or by external attackers who have compromised a lower-privileged admin account.
Exploitability
Exploitability requires two conditions: (1) the attacker must already hold valid Keycloak credentials with the `manage-clients` role, and (2) the attacker must be able to trigger a client creation or role assignment operation during the specific moment when name-based role checks are performed. The TOCTOU window is likely narrow and may require multiple attempts or race condition techniques, but the barrier to entry is moderate for someone with existing admin access. No user interaction or complex social engineering is required. Once successful, the exploit is self-sustaining because the escalated role persists across administrative revocation and reboots.
Remediation
Immediate action: verify all `realm-admin` role memberships against your baseline. Check the Keycloak audit logs and database for any `realm-admin` composite role assignments to users who should not have that access. Remove unauthorized assignments manually. Coordinate with your identity governance team to audit dependent applications that may have been impacted. Medium-term: apply the security patch from Red Hat as soon as available and test thoroughly in a non-production environment before deployment. Long-term: implement role-based access policies that minimize the number of users holding `manage-clients` or equivalent high-privilege roles, and enforce periodic role membership reviews.
Patch guidance
Watch for a security advisory from Red Hat addressing CVE-2026-9796. Apply the patch to all Keycloak instances, including Red Hat Build of Keycloak deployments. Test the patch in a staging environment to verify it does not disrupt authentication flows or role assignment workflows. After patching, consider running a one-time validation script to confirm no lingering unauthorized `realm-admin` role memberships exist, as the patch will prevent new exploits but will not retroactively remove malicious assignments made before patching.
Detection guidance
Search Keycloak audit logs for suspicious `realm-admin` role assignments, particularly those created by users holding `manage-clients` role or shortly after client creation operations. Monitor for failed or repeated role assignment attempts that could indicate TOCTOU race condition attempts. Alert on any change to composite role membership where the modifier and recipient are the same user or part of a suspicious pattern. For database-level detection, query the role membership tables to identify `realm-admin` assignments where the associated user does not have a corresponding privileged administrative record (cross-reference with user metadata and audit trails).
Why prioritize this
Although the CVSS score is 6.5 (MEDIUM), the real-world impact is elevated due to the persistence of the privilege escalation, its invisibility to standard role membership queries after revocation, and its application to all users in a realm. The vulnerability is not currently in the CISA KEV catalog, suggesting remediation may not yet be patching widely, creating a window of asymmetric risk. Organizations with strict RBAC policies and high audit maturity should prioritize this quickly; those with weak role governance and minimal audit logging face substantially higher actual risk.
Risk score, explained
The CVSS 3.1 score of 6.5 reflects a medium attack vector (network-accessible Keycloak instance), low attack complexity (standard web requests), high privileges required (authenticated with `manage-clients` role), and high impact to confidentiality and integrity of the system. The score does not fully capture the persistence and stealthiness of the post-exploitation state, which elevates practical risk. The absence from the KEV catalog suggests either recent publication or limited active exploitation so far, but organizations should not interpret this as low urgency given the severity of the end-state compromise.
Frequently asked questions
Can an attacker with just a regular user account exploit this, or do they need admin privileges?
They need to already hold the `manage-clients` admin role in Keycloak. This is not exploitable by a standard end-user. However, if an attacker compromises a lower-level admin account, they can then use this vulnerability to elevate themselves further to `realm-admin`, extending the scope of their compromise.
If we remove the attacker's `manage-clients` role after we discover the compromise, does that automatically revoke the malicious `realm-admin` access they granted themselves?
No. This is the critical issue: the TOCTOU vulnerability allows the attacker to grant themselves a `realm-admin` composite role membership that becomes independent. Simply removing their original admin role does not cascade to remove the `realm-admin` membership. Manual cleanup of the role assignment is required, which is why database auditing and log review are essential first steps.
Does this vulnerability affect Keycloak installations that do not use the admin console or role-based authorization?
Any Keycloak deployment using named composite roles and the admin API for role management is at risk. Installations that bypass the standard role management features may have different exposure, but this is not a reliable mitigation. All standard Keycloak deployments should be considered vulnerable until patched.
Will a simple database restore or reboot undo the malicious role assignment?
No. The vulnerability exploits the persistence layer itself; the attacker's role assignment is written to the database during the exploit and is not reversed by a reboot. A restore would only work if you restore from a backup known to predate the compromise, which is often not feasible in production. This is why timely detection and targeted role revocation are critical.
This analysis is provided for informational purposes by SEC.co and reflects publicly disclosed vulnerability information as of the publication date. Exploit code or weaponized proof-of-concept is not provided. Patch version numbers and availability should be verified against official Red Hat security advisories. Organizations must conduct their own risk assessment based on their Keycloak deployment architecture, the number of users with `manage-clients` role, and their audit logging and monitoring maturity. No warranty is provided regarding the completeness or accuracy of this information. Consult with your security team and vendor advisories before implementing any remediation steps. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2025-59610MEDIUMQualcomm Memory Corruption via IOCTL API Version Mismatch – Patch Guidance
- CVE-2026-20454MEDIUMMediaTek geniezone Race Condition Privilege Escalation (CVSS 6.4)
- CVE-2026-45619MEDIUMWWBN AVideo DNS-Rebinding SSRF Vulnerability
- CVE-2026-46159MEDIUMLinux btrfs TOCTOU Race Condition Information Disclosure
- CVE-2026-46194MEDIUMLinux F2FS Extent Node Race Condition Leading to Kernel Crash
- CVE-2025-64390HIGHPlayStation 4 BD-J Sandbox Escape Privilege Escalation (Firmware 13.00-13.02)
- CVE-2026-25260HIGHQualcomm Firmware Memory Corruption Vulnerability
- CVE-2026-46227HIGHLinux SCTP Race Condition Use-After-Free Privilege Escalation