Threat Advisory

OpenRemote Vulnerability Exposes Unauthorized Admin Access

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

CVE-2026-41166 (CVSS score 7.0) is a missing access-control vulnerability in the OpenRemote Manager API, specifically in the updateUserRealmRoles function. This function is intended to update Keycloak realm roles for users, but because it does not check that the caller is authorised for the target realm, an attacker holding the OpenRemote client role write:admin in any realm can update Keycloak realm roles for users in another realm, including the master realm. Exploitation consists of calling the Manager API with a specific path segment; it requires only write:admin in one Keycloak realm, no other privileges, and no user interaction. Successful exploitation grants the attacker Keycloak administrator access to the master realm, with significant business impact: potential loss of data confidentiality, compromise of data integrity, and system unavailability. Prerequisites for exploitation are write:admin in one Keycloak realm and access to the Manager API.
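To make the missing check concrete, the following added example (not OpenRemote's code: a hypothetical in-memory model with constructed realm names tenant-a and master and constructed users alice and bob) contrasts a role-update handler that only verifies write:admin with one that also scopes the request to the caller's own realm.

```python
# Hypothetical model of the realm-scoping check that CVE-2026-41166 describes
# as missing. Constructed for illustration; this is not OpenRemote's code.
from dataclasses import dataclass

MASTER_REALM = "master"
WRITE_ADMIN = "write:admin"

class Forbidden(Exception):
    """Caller is not allowed to act on the requested realm."""

@dataclass
class Caller:
    realm: str          # Keycloak realm the caller authenticated against
    client_roles: set   # OpenRemote client roles held, e.g. {"write:admin"}

class RealmRoleStore:
    """In-memory stand-in for Keycloak: realm -> username -> realm roles."""

    def __init__(self, roles=None):
        self.roles = roles or {}

    def update_vulnerable(self, caller, realm, username, new_roles):
        # Checks only that write:admin is held *somewhere*; the target realm
        # taken from the request path is never compared with the caller's realm.
        if WRITE_ADMIN not in caller.client_roles:
            raise Forbidden("write:admin required")
        self.roles.setdefault(realm, {})[username] = set(new_roles)
        return self.roles[realm][username]

    def update_fixed(self, caller, realm, username, new_roles):
        if WRITE_ADMIN not in caller.client_roles:
            raise Forbidden("write:admin required")
        # Realm scoping: only the caller's own realm, unless the caller is an
        # administrator of the master realm (the intended cross-realm case).
        if realm != caller.realm and caller.realm != MASTER_REALM:
            raise Forbidden(f"{caller.realm!r} may not modify realm {realm!r}")
        self.roles.setdefault(realm, {})[username] = set(new_roles)
        return self.roles[realm][username]

def demo():
    """Tenant admin of 'tenant-a' asks to grant 'admin' to a user in master."""
    store = RealmRoleStore({MASTER_REALM: {"alice": {"admin"}}})
    tenant_admin = Caller(realm="tenant-a", client_roles={WRITE_ADMIN})
    vulnerable = store.update_vulnerable(tenant_admin, MASTER_REALM, "bob", {"admin"})
    try:
        store.update_fixed(tenant_admin, MASTER_REALM, "bob", {"admin"})
        fixed = "allowed"
    except Forbidden:
        fixed = "forbidden"
    return vulnerable, fixed   # -> ({"admin"}, "forbidden")
```

The realm comparison is the whole fix: the same call that silently succeeds in the unscoped handler is rejected once the path's realm is checked against the caller's realm.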

RECOMMENDATION:

  • We recommend updating OpenRemote to version 1.22.1.

REFERENCES:

The following reports contain further technical details:
https://github.com/advisories/GHSA-49vv-25qx-mg44
