CVE-2026-12388

MEDIUM

Keycloak-broker: keycloak: privilege escalation to realm administrator via improper authorization in identity provider mapper

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-12388. PoCs published by HermesNA-1.

AI-analyzed exploit summary This repository contains an auto-generated stub module for CVE-2026-12388, a flaw in Keycloak's Identity Provider (IdP) mapper component. The code includes placeholder methods (`check` and `run`) with no actual exploit implementation, only references to external sources for details.

Description

A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role" mapper that assigns high-level administrative roles (like realm-admin) to themselves or others. This allows a restricted administrator to bypass security checks and gain full control over the entire realm.

Exploits (1)

github STUB 1 stars
by HermesNA-1 · pythonpoc
https://github.com/HermesNA-1/SnakeSploit/tree/main/data/modules_generated/cve-2026-12388_flaw_was_found.py

This repository contains an auto-generated stub module for CVE-2026-12388, a flaw in Keycloak's Identity Provider (IdP) mapper component. The code includes placeholder methods (`check` and `run`) with no actual exploit implementation, only references to external sources for details.

Classification
Stub 99%
Attack Type
Other
Complexity
Unknown
Reliability
Theoretical
Target: Keycloak (Identity Provider mapper component)
Auth required
Prerequisites: Administrator access with limited privileges to Keycloak · Target Keycloak instance running the vulnerable IdP mapper component
mistral-large-3 · analyzed Jul 09, 2026 Full analysis →

References (2)

Core 2
Core References
Vdb Entry, X_Refsource_Redhat vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-12388
Issue Tracking, X_Refsource_Redhat issue-tracking x_refsource_redhat
RHBZ#2489140
https://bugzilla.redhat.com/show_bug.cgi?id=2489140

Scores

CVSS v3 6.5
EPSS 0.0023
EPSS Percentile 14.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-266
Status published
Products (2)
Red Hat/Red Hat Build of Keycloak
redhat/build_of_keycloak
Published Jun 30, 2026
Tracked Since Jun 30, 2026