
CVE-2026-9798 · Keycloak: keycloak: brute-force protection bypass in CIBA flow

CVSS 4.3 (Medium) · EPSS 0.21% · P11

Affected Version Matrix (1)

Vendor | Product | Version Range | Status
Red Hat | Red Hat Build of Keycloak | any | affected

I. Basic Information for CVE-2026-9798

Vulnerability Information


Vulnerability Title
Keycloak: keycloak: brute-force protection bypass in ciba flow
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiated Backchannel Authentication (CIBA) flow to bypass this brute-force protection. This allows continued authentication attempts and token issuance even when the account should be locked, potentially enabling further unauthorized access attempts.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
Authentication bypass by primary weakness (CWE-305)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Keycloak security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Keycloak is an open-source identity and access management solution from the Keycloak project. Keycloak contains a security vulnerability that arises when a user account has been temporarily locked after repeated failed login attempts: an attacker holding valid client credentials can use the Client-Initiated Backchannel Authentication flow to bypass the brute-force protection, so authentication attempts and token issuance may continue even while the account should be locked, enabling further unauthorized access attempts.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
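The description above locates the weakness in the CIBA flow not honouring a lock state that the password login path enforces. One way to check a deployment's own telemetry for this, as an added example that is not part of this advisory or of Keycloak's code: correlate Keycloak login events so that any token issued from a CIBA auth_req_id while the user sat inside a brute-force lock window is flagged. The JSON field names follow the Admin REST API events output, the lock window and failure factor are assumed to match the realm's brute-force settings (Keycloak defaults used here), the event type name AUTHREQID_TO_TOKEN is assumed to be the CIBA token-issuance event (verify against your version), and the sample events are constructed for this example.

```python
"""Detection sketch for CVE-2026-9798: CIBA token issuance while a user is brute-force locked.

Added example, not Keycloak code. It reads Keycloak login events in the JSON shape
returned by the Admin REST API (GET /admin/realms/{realm}/events): "time" in epoch
milliseconds, "type", "userId", "clientId", "ipAddress", "error".
LOGIN_ERROR with error "user_temporarily_disabled" is Keycloak's signal that the
brute-force detector refused a password login; AUTHREQID_TO_TOKEN is assumed to be
the event type for a token issued from a CIBA auth_req_id (verify both names against
your Keycloak version). The sample events below are constructed for this example.
"""
import json

# Assumed realm brute-force settings (Keycloak defaults: Wait Increment 1 minute,
# Max Login Failures 30). Adjust to the realm under review.
WAIT_INCREMENT_MS = 60_000
FAILURE_FACTOR = 30

# Constructed sample: u1 is locked at t=5000 after password failures, then a CIBA
# token is issued for u1 at t=9000 (inside the lock window) and again at t=70000
# (after it expired). u2 was never locked.
SAMPLE_EVENTS = """\
{"time": 1000, "type": "LOGIN_ERROR", "userId": "u1", "clientId": "account-console", "ipAddress": "10.0.0.5", "error": "invalid_user_credentials"}
{"time": 2000, "type": "LOGIN_ERROR", "userId": "u1", "clientId": "account-console", "ipAddress": "10.0.0.5", "error": "invalid_user_credentials"}
{"time": 3000, "type": "LOGIN_ERROR", "clientId": "account-console", "ipAddress": "10.0.0.5", "error": "user_not_found"}
{"time": 5000, "type": "LOGIN_ERROR", "userId": "u1", "clientId": "account-console", "ipAddress": "10.0.0.5", "error": "user_temporarily_disabled"}
{"time": 9000, "type": "AUTHREQID_TO_TOKEN", "userId": "u1", "clientId": "ciba-client", "ipAddress": "10.0.0.5"}
{"time": 9500, "type": "AUTHREQID_TO_TOKEN", "userId": "u2", "clientId": "ciba-client", "ipAddress": "10.0.0.9"}
{"time": 70000, "type": "AUTHREQID_TO_TOKEN", "userId": "u1", "clientId": "ciba-client", "ipAddress": "10.0.0.5"}
"""


def parse_events(text):
    """Parse one JSON event per line and return them ordered by time."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    return sorted(events, key=lambda e: e["time"])


def lockout_windows(events, wait_increment_ms=WAIT_INCREMENT_MS, failure_factor=FAILURE_FACTOR):
    """Map userId -> list of (start, end) intervals in which the user was locked.

    A lock is recorded when the server itself reports user_temporarily_disabled, or
    when failure_factor password failures accumulate within one wait increment
    (the same rule the brute-force detector applies to the password login path).
    """
    recent_failures = {}
    windows = {}
    for e in events:
        user = e.get("userId")
        if e.get("type") != "LOGIN_ERROR" or user is None:
            continue
        t, err = e["time"], e.get("error")
        locked = False
        if err == "user_temporarily_disabled":
            locked = True
        elif err == "invalid_user_credentials":
            recent = [f for f in recent_failures.get(user, []) if t - f <= wait_increment_ms]
            recent.append(t)
            recent_failures[user] = recent
            locked = len(recent) >= failure_factor
        if locked:
            windows.setdefault(user, []).append((t, t + wait_increment_ms))
    return windows


def find_ciba_lockout_bypass(events, **settings):
    """Return one finding per CIBA token issued to a user inside a lock window.

    On a server where the CIBA path honours the lock this list is empty; a non-empty
    result is either the bypass described in the advisory or a mismatch between the
    assumed and the realm's actual brute-force settings.
    """
    windows = lockout_windows(events, **settings)
    findings = []
    for e in events:
        if e.get("type") != "AUTHREQID_TO_TOKEN":
            continue
        user = e.get("userId")
        for start, end in windows.get(user, []):
            if start <= e["time"] <= end:
                findings.append({
                    "userId": user,
                    "clientId": e.get("clientId"),
                    "ipAddress": e.get("ipAddress"),
                    "lockedAt": start,
                    "tokenAt": e["time"],
                })
                break
    return findings


if __name__ == "__main__":
    for finding in find_ciba_lockout_bypass(parse_events(SAMPLE_EVENTS)):
        print("CIBA token issued during lockout:", finding)
```

Feed it the events export for the realm (filter on the two event types to keep the volume down). A finding for a user whose lock was reported by the server itself, not merely inferred from the failure count, is the stronger signal, because it does not depend on the assumed Wait Increment and Max Login Failures values.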

Affected Products

Vendor | Product | Affected Versions | CPE
Red Hat | Red Hat Build of Keycloak | - | cpe:/a:redhat:build_keycloak:

II. Public POCs for CVE-2026-9798

No public POC found.

III. Intelligence Information for CVE-2026-9798


Vendor Advisories for CVE-2026-9798 (1)

Other References for CVE-2026-9798 (1)

Same Patch Batch · Red Hat · 2026-05-28 · 14 CVEs total (the 13 others are listed below)

CVE | CVSS | Severity | Title
CVE-2026-4408 | 9.0 | CRITICAL | Samba: remote code execution in samr
CVE-2026-9804 | 7.7 | HIGH | Kubevirt: kubevirt: vmexport directory symlink escape enables exporter pod file read
CVE-2026-9795 | 7.3 | HIGH | Keycloak: keycloak: privilege escalation via improper scope mapping enforcement
CVE-2026-44604 | 7.0 | HIGH | Rpm: command injection in rpmuncompress dountar() via unescaped archive top-level director
CVE-2026-9802 | 6.8 | MEDIUM | Keycloak: keycloak: unauthorized account access via replayed refresh tokens after cluster
CVE-2026-9792 | 6.5 | MEDIUM | Keycloak: keycloak: security restriction bypass allows unauthorized ropc token acquisition
CVE-2026-9796 | 6.5 | MEDIUM | Keycloak: keycloak: privilege escalation via time-of-check to time-of-use (toctou) vulnera
CVE-2026-9793 | 5.9 | MEDIUM | Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing
CVE-2026-9794 | 5.3 | MEDIUM | Keycloak: keycloak: information disclosure via saml ecp endpoint
CVE-2026-9803 | 5.3 | MEDIUM | Keycloak: keycloak: denial of service via malformed authorization header
CVE-2026-9801 | 4.9 | MEDIUM | Keycloak: keycloak: denial of service via malformed ldap password policy response
CVE-2026-9791 | 4.3 | MEDIUM | Keycloak-rhel9: organization data leak after feature disabled in keycloak
CVE-2026-10028 | 4.3 | MEDIUM | Glib-networking: infinite loop in glib-networking gnutls backend allows remote denial of s

IV. Related Vulnerabilities
