CVE-2026-9088EPSS p23.4%

CVE-2026-9088CVE-2026-9088

Description

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied, leading to information disclosure.

Scoring

CVSS 2.7 ()
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
EPSS0.32% probability of exploitation · percentile 23.4% · 2026-06-19T12:03:05Z
Last modified2026-06-10

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-9791
CVE
CVE-2026-37978
CVE
CVE-2026-37981
CVE
CVE-2026-3009
CVE
CVE-2026-9795
CVE
CVE-2026-4366
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.