Intel

AIKIDO-2026-172548

keycloak-services is vulnerable to Path Traversal

Path TraversalCVE-2026-9083 Published 3 days ago

49

Medium Risk

This Affects:

JAVAkeycloak-services
1.0.1.Final - 26.6.3
Fixed in 26.6.4
Are you affected? Scan for Free

TL;DR

When creating a key provider component, Keycloak accepts an arbitrary filesystem path as the keystore parameter without restricting it. A realm administrator can supply different paths and observe the resulting behavior to learn which files exist and are readable by the Keycloak process. This discloses information about the host filesystem that can guide follow-on attacks. The fix restricts the keystore path so arbitrary locations can no longer be probed.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range and untrusted users hold realm administration privileges.

Background info

keycloak-services is vulnerable to Path Traversal in versions 1.0.1.Final - 26.6.3.

How to fix this

Upgrade the org.keycloak:keycloak-services library to the patch version.