{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-9083", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-05-20T14:11:59.940Z", "datePublished": "2026-06-25T16:17:49.969Z", "dateUpdated": "2026-06-26T06:46:21.516Z"}, "containers": {"cna": {"title": "Keycloak: keycloak: information disclosure through arbitrary filesystem path probing", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak. A realm administrator with the \"manage-realm\" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining which files exist and are readable by the Keycloak process. This information disclosure could be used to identify high-value targets for follow-on attacks."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "26.4.13-1", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9", "defaultStatus": "affected", "versions": [{"version": "26.4-19", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "26.4-19", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.4.13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "rhbk/keycloak-rhel9", "cpes": ["cpe:/a:redhat:build_keycloak:26.4::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.6", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "26.6.4-2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.6::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.6", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9", "defaultStatus": "affected", "versions": [{"version": "26.6-8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.6::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.6", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "rhbk/keycloak-rhel9-operator", "defaultStatus": "affected", "versions": [{"version": "26.6-8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:build_keycloak:26.6::el9"]}, {"vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.6.4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected", "packageName": "rhbk/keycloak-rhel9", "cpes": ["cpe:/a:redhat:build_keycloak:26.6::el9"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:30049", "name": "RHSA-2026:30049", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:30050", "name": "RHSA-2026:30050", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:30083", "name": "RHSA-2026:30083", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:30084", "name": "RHSA-2026:30084", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2026-9083", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480168", "name": "RHBZ#2480168", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-06-25T15:58:16.784Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "workarounds": [{"lang": "en", "value": "Ensure that only highly trusted administrators are granted the \"manage-realm\" role within Keycloak. This role provides extensive administrative privileges, including the ability to exploit this vulnerability for filesystem probing. Regularly review and audit users assigned to this role to minimize the attack surface."}], "timeline": [{"lang": "en", "time": "2026-05-20T14:11:24.606Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-06-25T15:58:16.784Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Swapnil Paliwal & Security Team (AxiomCode) for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-26T06:46:21.516Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-25T17:53:33.860276Z", "id": "CVE-2026-9083", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-25T17:53:44.159Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-9083", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-25T17:53:33.860276Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-25T17:53:36.331Z"}}], "cna": {"title": "Keycloak: keycloak: information disclosure through arbitrary filesystem path probing", "credits": [{"lang": "en", "value": "Red Hat would like to thank Swapnil Paliwal & Security Team (AxiomCode) for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:build_keycloak:26.6::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.6", "versions": [{"status": "unaffected", "version": "26.6.4-2", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.6::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.6", "versions": [{"status": "unaffected", "version": "26.6-8", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.6::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.6", "versions": [{"status": "unaffected", "version": "26.6-8", "lessThan": "*", "versionType": "rpm"}], "packageName": "rhbk/keycloak-rhel9-operator", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:build_keycloak:26.6::el9"], "vendor": "Red Hat", "product": "Red Hat build of Keycloak 26.6.4", "packageName": "rhbk/keycloak-rhel9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-05-20T14:11:24.606Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-06-25T15:58:16.784Z", "value": "Made public."}], "datePublic": "2026-06-25T15:58:16.784Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:30083", "name": "RHSA-2026:30083", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2026:30084", "name": "RHSA-2026:30084", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2026-9083", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480168", "name": "RHBZ#2480168", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Ensure that only highly trusted administrators are granted the \"manage-realm\" role within Keycloak. This role provides extensive administrative privileges, including the ability to exploit this vulnerability for filesystem probing. Regularly review and audit users assigned to this role to minimize the attack surface."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak. A realm administrator with the \"manage-realm\" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining which files exist and are readable by the Keycloak process. This information disclosure could be used to identify high-value targets for follow-on attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-06-25T23:02:38.678Z"}, "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}}, "cveMetadata": {"cveId": "CVE-2026-9083", "state": "PUBLISHED", "dateUpdated": "2026-06-25T23:02:38.678Z", "dateReserved": "2026-05-20T14:11:59.940Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-06-25T16:17:49.969Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{}

{"acknowledgement": "Red Hat would like to thank Swapnil Paliwal & Security Team (AxiomCode) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2026:30084", "cpe": "cpe:/a:redhat:build_keycloak:26.6::el9", "package": "rhbk/keycloak-operator-bundle:26.6.4-2", "product_name": "Red Hat build of Keycloak 26.6", "release_date": "2026-06-25T00:00:00Z"}, {"advisory": "RHSA-2026:30084", "cpe": "cpe:/a:redhat:build_keycloak:26.6::el9", "package": "rhbk/keycloak-rhel9:26.6-8", "product_name": "Red Hat build of Keycloak 26.6", "release_date": "2026-06-25T00:00:00Z"}, {"advisory": "RHSA-2026:30084", "cpe": "cpe:/a:redhat:build_keycloak:26.6::el9", "package": "rhbk/keycloak-rhel9-operator:26.6-8", "product_name": "Red Hat build of Keycloak 26.6", "release_date": "2026-06-25T00:00:00Z"}, {"advisory": "RHSA-2026:30083", "cpe": "cpe:/a:redhat:build_keycloak:26.6::el9", "package": "rhbk/keycloak-rhel9", "product_name": "Red Hat build of Keycloak 26.6.4", "release_date": "2026-06-25T00:00:00Z"}], "bugzilla": {"description": "keycloak: Keycloak: Information disclosure through arbitrary filesystem path probing", "id": "2480168", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480168"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-22", "details": ["A flaw was found in Keycloak. A realm administrator with the \"manage-realm\" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining which files exist and are readable by the Keycloak process. This information disclosure could be used to identify high-value targets for follow-on attacks."], "mitigation": {"lang": "en:us", "value": "Ensure that only highly trusted administrators are granted the \"manage-realm\" role within Keycloak. This role provides extensive administrative privileges, including the ability to exploit this vulnerability for filesystem probing. Regularly review and audit users assigned to this role to minimize the attack surface."}, "name": "CVE-2026-9083", "public_date": "2026-06-25T15:58:16Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-9083\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-9083"], "statement": "Medium: This flaw in Keycloak allows a highly privileged realm administrator with the \"manage-realm\" role to perform arbitrary filesystem path probing. By submitting a crafted keystore path, an authenticated attacker can determine the existence and readability of files on the Keycloak server, potentially identifying high-value targets for further attacks. Exploitation requires an attacker to possess the \"manage-realm\" role, which is a high-level administrative permission.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 98.0, "source": "matching"}]}, "original": {"product": "Red Hat Build of Keycloak", "source": "cna", "vendor": "Red Hat"}, "product": "build_of_keycloak", "vendor": "redhat"}], "created": "2026-06-25T17:45:15.446800+00:00", "updated": "2026-06-25T23:15:04.769549+00:00", "vendors": ["redhat", "redhat$PRODUCT$build_of_keycloak"]}