CVE-2026-9099 | Keycloak on Red Hat Admin REST API GroupResource.addChild authorization

June 25, 2026 Yanac

A vulnerability was found in Keycloak on Red Hat. It has been declared as problematic. Affected by this issue is the function GroupResource.addChild of the component Admin REST API. Such manipulation leads to authorization bypass.

This vulnerability is documented as CVE-2026-9099. The attack can be executed remotely. There is not any exploit available.VulDB Recent EntriesRead More