CVE-2026-4630
CWE-639 · Published: May 19, 2026 · Updated: May 20, 2026
Official Description
A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference (IDOR) vulnerability in the Authorization Services Protection API endpoint. By knowing or obtaining a resource's unique identifier (UUID) belonging to another Resource Server within the same realm, the client could bypass authorization checks. This allows the client to perform unauthorized GET, PUT, and DELETE operations on resources, leading to information disclosure and potential unauthorized modification or deletion of data.
Technical Analysis
CVE-2026-4630 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.
Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access (here, an authenticated client in the realm).
A successful exploit results in a complete confidentiality breach (data exposure) and full integrity compromise (data manipulation); the CVSS base score is 6.8.
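The IDOR described above comes down to a resource lookup keyed by UUID alone, without checking which resource server registered the resource. The following is an added example, not Keycloak's code: a small model of a Protection API style resource registry showing the unchecked lookup beside the owner-scoped one. All names (ResourceStore, get_for_owner, the "server-a"/"server-b" client ids) are hypothetical.

```python
"""Owner-scoped resource lookup as a model of the CVE-2026-4630 fix class.

Each registered resource belongs to exactly one resource server (its owning
client id); a Protection API request is authenticated as one resource server.
Hypothetical model, not Keycloak's implementation.
"""
import uuid
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Resource:
    id: str
    owner: str   # client id of the resource server that registered it
    name: str


class AuthorizationError(Exception):
    pass


class ResourceStore:
    def __init__(self) -> None:
        self._by_id: Dict[str, Resource] = {}

    def register(self, owner: str, name: str) -> Resource:
        res = Resource(id=str(uuid.uuid4()), owner=owner, name=name)
        self._by_id[res.id] = res
        return res

    def get_unchecked(self, resource_id: str) -> Optional[Resource]:
        # Vulnerable pattern: lookup by UUID only. Any authenticated client in
        # the realm that knows (or obtains) the UUID gets another server's resource.
        return self._by_id.get(resource_id)

    def get_for_owner(self, caller: str, resource_id: str) -> Resource:
        # Hardened pattern: the resource must exist AND be owned by the caller.
        # Unknown and foreign UUIDs raise the same error, so the endpoint is not
        # an oracle for whether a UUID exists in the realm.
        res = self._by_id.get(resource_id)
        if res is None or res.owner != caller:
            raise AuthorizationError("resource not found for this resource server")
        return res

    def delete_for_owner(self, caller: str, resource_id: str) -> None:
        # DELETE (and PUT) go through the same owner-scoped lookup.
        del self._by_id[self.get_for_owner(caller, resource_id).id]


def demo() -> Tuple[bool, bool]:
    """Constructed scenario: server-a's client targets server-b's resource by UUID."""
    store = ResourceStore()
    store.register("server-a", "invoices")
    foreign = store.register("server-b", "payroll")
    leaked = store.get_unchecked(foreign.id) is not None   # True: IDOR
    try:
        store.get_for_owner("server-a", foreign.id)
        blocked = False
    except AuthorizationError:
        blocked = True
    return leaked, blocked   # (True, True)
```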
News & Research Mentioning CVE-2026-4630
The vulnerability, tracked as CVE-2026-46300, is similar to the recently disclosed exploits named Dirty Frag and Copy Fail. The post New Linux Kernel Vulnerability Fragnesia Allows Root Privilege Escalation appeared first on SecurityWeek.
Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability (known as Fragnasia and tracked as CVE-2026-46300) that allows attackers to run malicious code as root. [...]
Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score: 7.8) and is rooted in the Linux kernel's XFRM
Recommended Actions
- Apply vendor patches immediately
- Monitor CVE-2026-4630 in threat intel feeds
- Review IDS/IPS signatures for exploitation attempts