CVE-2026-0871

{"id": "CVE-2026-0871", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2026-02-27T08:17:09.410", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:2365", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:2366", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2026-0871", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428881", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-266"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the \"Only administrators can view\" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the system is configured to restrict such modifications."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Keycloak. Un administrador con permiso 'manage-users' puede eludir la configuraci\u00f3n 'Solo los administradores pueden ver' para atributos no gestionados, permiti\u00e9ndoles modificar estos atributos. Este control de acceso inadecuado puede llevar a cambios no autorizados en los perfiles de usuario, incluso cuando el sistema est\u00e1 configurado para restringir dichas modificaciones."}], "lastModified": "2026-03-05T02:03:32.580", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEA48695-84DD-43C9-A163-38507A9A6582", "versionEndExcluding": "26.4.9"}, {"criteria": "cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:text-only:*:*:*", "vulnerable": true, "matchCriteriaId": "1830E455-7E11-4264-862D-05971A42D4A6"}, {"criteria": "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1882E42C-6B1E-4E64-A8A9-28FE4DE7768E", "versionEndExcluding": "26.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}