How serious is CVE-2026-0871?

This vulnerability has a CVSS score of 4.9 out of 10, classified as MEDIUM severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2026-0871?

Yes, proof-of-concept exploit code for CVE-2026-0871 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2026-0871?

CVE-2026-0871 affects redhat build of keycloak. Check the full CVE details for specific version information.

How do I fix CVE-2026-0871?

To remediate CVE-2026-0871, check for security patches from redhat. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2026-0871

Medium

|4.9

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

An attacker with the `manage-users` permission can change user profile information that should be restricted, bypassing security settings meant to protect unmanaged attributes. This means that if someone has this admin role, they can make unauthorized modifications to user data, even when the system is supposed to prevent it.

Technical Description

A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the system is configured to restrict such modifications.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredHigh

User InteractionNone

Confidentiality ImpactNone

Integrity ImpactHigh

Availability ImpactNone

ScopeUnchanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$655($500-$1K)

Vendor Response

Grade APatched in 5 days

Quick Information

Published

Feb 27, 2026

about 1 month ago

Last Modified

Mar 5, 2026

about 1 month ago

Vendor

redhat

Product

build of keycloak

Related Vulnerabilities

CVE-2025-12150Low

An attacker can register fake or untrusted authentication devices in Keycloak, even if the system is set to require secure verification, by submitting a specific type of data that bypasses security checks. This vulnerability weakens the overall security of user authentication, but it requires the attacker to have access to the registration process.

CVE-2026-0980High

An attacker with the right permissions can exploit a flaw in the Red Hat Satellite system to run their own code remotely by creating a specially crafted username for the Baseboard Management Controller. This requires the attacker to already have access to create or update hosts within the system.

CVE-2026-3118Medium

An attacker can crash the Red Hat Developer Hub application by sending specially crafted input through API requests, causing a Denial of Service that temporarily locks out all legitimate users. This vulnerability requires the attacker to be an authenticated user, meaning they already have access to the system.

CVE-2026-26104Medium

An attacker can exploit a flaw in the udisks storage management system to access and back up sensitive encryption information from LUKS-encrypted drives without proper authorization. This vulnerability requires the attacker to have access to the system as an unprivileged user, allowing them to potentially compromise the confidentiality of encrypted data.

CVE-2026-26103High

An attacker with local access can exploit a flaw in the udisks storage management tool to overwrite encryption settings on protected drives, potentially making the data permanently inaccessible. This requires no special privileges, meaning any regular user on the system could cause significant data loss and disrupt access to encrypted volumes.