CVE-2026-3121

{"id": "CVE-2026-3121", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2026-03-26T19:17:06.213", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:6477", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:6478", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2026-3121", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442277", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-266"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within the realm. This privilege escalation can occur when admin permissions are enabled at the realm level."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en Keycloak. Un administrador con permiso 'manage-clients' puede explotar una mala configuraci\u00f3n donde este permiso es equivalente a 'manage-permissions'. Esto permite al administrador escalar privilegios y obtener control sobre roles, usuarios u otras funciones administrativas dentro del \u00e1mbito. Esta escalada de privilegios puede ocurrir cuando los permisos de administrador est\u00e1n habilitados a nivel de \u00e1mbito."}], "lastModified": "2026-04-02T14:16:31.713", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "E5C930CB-4EAD-497B-A44B-D880F2A1F85B"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:8.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D8BC03A-4198-4488-946B-3F6B43962942"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A24CBFB-4900-47A5-88D2-A44C929603DC"}, {"criteria": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}