CVE-2026-11800 | A flaw was found in Keycloak. This JWT algorithm confusion v… | CVSS 8.1 HIGH

Description

A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to impersonate any federated user linked to the affected Identity Provider, leading to unauthorized access and potential privilege escalation.

Metadata

CVE ID: CVE-2026-11800
State: PUBLISHED
Assigner: redhat
Reserved: 2026-06-09 14:06 UTC
Published: 2026-06-25 20:57 UTC
Last updated: 2026-06-25 20:57 UTC
Primary CWE: CWE-347
Improper Verification of Cryptographic Signature
Vendor / Product: Red Hat / Red Hat build of Keycloak 26.6
Sources: cve.org · NVD

Severity & Metrics

8.1 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Affected products (9)

Vendor	Product	Platform	Versions
Red Hat	Red Hat Build of Keycloak	—	—
Red Hat	Red Hat Build of Keycloak	—	—
Red Hat	Red Hat build of Keycloak 26.6	—	26.6.4-2 < *
Red Hat	Red Hat build of Keycloak 26.6	—	26.6-8 < *
Red Hat	Red Hat build of Keycloak 26.6	—	26.6-8 < *
Red Hat	Red Hat build of Keycloak 26.6.4	—	—
Red Hat	Red Hat Data Grid 8	—	—
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack	—	—
Red Hat	Red Hat Single Sign-On 7	—	—

Weakness (CWE)

CWE	Source	Description
CWE-347	cna	Improper Verification of Cryptographic Signature

CVSS scores (1)

Score	Severity	Version	Source	Vector
8.1	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

References (4)

RHSA-2026:30083 https://access.redhat.com/errata/RHSA-2026:30083
RHSA-2026:30084 https://access.redhat.com/errata/RHSA-2026:30084
https://access.redhat.com/security/cve/CVE-2026-11800
RHBZ#2487006 https://bugzilla.redhat.com/show_bug.cgi?id=2487006