CVE-2026-11800: Keycloak JWT algorithm confusion privilege escalation
CVE-2026-11800 is verified against keycloak/keycloak · github affected versions: Keycloak < 26.6.4 (26.6.x line) fixed version: 26.6.4 vulnerability class: Privilege Escalation This high reproduction includes runnable sandbox proof, artifacts, and a plain-text agent view under REPRO-2026-00243.
pruva-verify REPRO-2026-00243 curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00243/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh A flaw in Keycloak creates a JWT algorithm confusion vulnerability in the JWT Authorizer. An attacker can craft a JWT using a different algorithm to bypass authorization and escalate privileges. Reproduce: run a vulnerable Keycloak build, create a crafted JWT using algorithm confusion (e.g., HS256/RS256 confusion), present it to the Authorizer, and gain unauthorized access.
Variant analysis
The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.
Loading session...
Scripts, logs, diffs, and output captured during the reproduction.