Information disclosure through arbitrary filesystem path probing
Summary
A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining which files exist and are readable by the Keycloak process. This information disclosure could be used to identify high-value targets for follow-on attacks. A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining which files exist and are readable by the Keycloak process. This information disclosure could be used to identify high-value targets for follow-on attacks. Medium: This flaw in Keycloak allows a highly privileged realm administrator with the "manage-realm" role to perform arbitrary filesystem path probing. By submitting a crafted keystore path, an authenticated attacker can determine the existence and readability of files on the Keycloak server, potentially identifying high-value targets for further attacks. Exploitation requires an attacker to possess the "manage-realm" role, which is a high-level administrative permission. Red Hat severity: Moderate — CVSS 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). Weakness: CWE-22. Fixed by RHSA-2026:30050, RHSA-2026:30049, RHSA-2026:30084, RHSA-2026:30083 — update the affected packages (`sudo dnf update`). Affected Red Hat products: Red Hat build of Keycloak 26.4; Red Hat build of Keycloak 26.4.13; Red Hat build of Keycloak 26.6; Red Hat build of Keycloak 26.6.4.
- rhbk/keycloak-operator-bundle:26.4.13-1
- rhbk/keycloak-rhel9-operator:26.4-19
- rhbk/keycloak-rhel9
- rhbk/keycloak-rhel9:26.6-8
- rhbk/keycloak-rhel9:26.4-19
- rhbk/keycloak-operator-bundle:26.6.4-2
- rhbk/keycloak-rhel9-operator:26.6-8
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
- rhbk/keycloak-operator-bundle:26.4.13-1
- rhbk/keycloak-rhel9:26.4-19
- rhbk/keycloak-rhel9-operator:26.4-19
- rhbk/keycloak-rhel9
- rhbk/keycloak-operator-bundle:26.6.4-2
- rhbk/keycloak-rhel9:26.6-8
- rhbk/keycloak-rhel9-operator:26.6-8
- RHSA-2026:30050
- RHSA-2026:30049
- RHSA-2026:30084
- RHSA-2026:30083
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Mitigation checklist
- Ensure that only highly trusted administrators are granted the "manage-realm" role within Keycloak. This role provides extensive administrative privileges, including the ability to exploit this vulnerability for filesystem probing. Regularly review and audit users assigned to this role to minimize the attack surface.
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.