{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-11577","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"REJECTED","assignerShortName":"redhat","dateReserved":"2026-06-08T11:34:22.437Z","datePublished":"2026-06-08T11:44:41.892Z","dateUpdated":"2026-07-03T09:01:43.784Z","dateRejected":"2026-07-03T09:01:43.784Z"},"containers":{"cna":{"rejectedReasons":[{"lang":"en","value":"The reported behavior does not constitute a privilege escalation. Exploitation requires the attacker to already possess the manage-realm administrative role within the realm-management client. By design, the manage-realm role is intended to be equivalent in administrative authority to realm-admin. A user with manage-realm already has full administrative control over the realm. Therefore, importing users with realm-admin role mappings through POST /admin/realms/{realm}/partialImport does not grant any additional privileges beyond those already held by the administrator and does not represent a security vulnerability."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2026-07-03T09:01:43.784Z"}}}}