
17 matches found

CVE
added yesterday, 8 views

CVE-2026-14614

The CVE-2026-14614 entry concerns Keycloak’s admin services, specifically the ClientResource component under FGAP v2. It describes a bypass where a delegated administrator can attach or remove hidden client scopes beyond their visibility/permission, potentially injecting unauthorized data or perm...

5.4 CVSS, 5.9 AI score
Exploits 0, References 2
RedhatCVE
added yesterday, 6 views

CVE-2026-14614

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...

5.4 CVSS, 5.9 AI score
Exploits 0, References 3
RedhatCVE
added yesterday, 5 views

CVE-2026-14613

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions FGAP v2 are turned on, an administrator who is allowed to see a specific "role" can...

4.3 CVSS, 6 AI score
Exploits 0, References 3
Cvelist
added 4 days ago, 30 views

CVE-2026-14209 Keycloak-admin-ui: keycloak-admin-ui: keycloak: admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions FGAPv2 are enabled, an administrator who should only be able to search for users but not view their full details can use a...

4.3 CVSS, 0.00173 EPSS
Exploits 0, References 2
RedHat Linux
added 2026/06/25 6:47 p.m., 6 views

keycloak: Keycloak: Privilege escalation via improper scope mapping enforcement

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

7.3 CVSS, 5.8 AI score, 0.00292 EPSS
Exploits 0, References 4
Positive Technologies
added 2026/06/08 12:00 a.m., 19 views

PT-2026-47283

Name of the Vulnerable Software and Affected Versions: Keycloak, affected versions not specified. Description: An improper access control flaw exists where a limited administrator can bypass Fine-Grained Admin Permissions FGAP, which are detailed permissions that restrict administrative actions to...

7.2 CVSS, 5.5 AI score, 0.00329 EPSS
Exploits 0, References 5
NVD
added 2026/05/28 5:16 a.m., 16 views

CVE-2026-9795

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

7.3 CVSS, 0.00292 EPSS
Exploits 0, References 7
ATTACKERKB
added 2026/05/28 3:49 a.m., 10 views

CVE-2026-9795

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

7.3 CVSS, 5.7 AI score, 0.00292 EPSS
Exploits 0, References 7
Cvelist
added 2026/05/28 3:49 a.m., 39 views

CVE-2026-9795 Keycloak: keycloak: privilege escalation via improper scope mapping enforcement

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

7.3 CVSS, 0.00292 EPSS
Exploits 0, References 6
RedhatCVE
added 2026/05/28 3:49 a.m., 12 views

CVE-2026-9795

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

7.3 CVSS, 5.7 AI score, 0.00292 EPSS
Exploits 0, References 3
Snyk
added 2026/05/28 3:16 a.m., 8 views

Incorrect Privilege Assignment

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Privilege Assignment via improper enforcement of scope mapping in the Fine-Grained Admin Permission...

7.3 CVSS, 6 AI score, 0.00292 EPSS
Exploits 0, References 2
RedHat Linux
added 2025/07/29 1:35 a.m., 3 views

org.keycloak/keycloak-services: Privilege Escalation in Keycloak Admin Console (FGAPv2 Enabled)

A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions FGAPv2 are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorize...

6.5 CVSS, 5.8 AI score, 0.00368 EPSS
Exploits 0, References 5
Veracode
added 2025/07/25 6:35 a.m., 8 views

Privilege Escalation

org.keycloak, keycloak-services is vulnerable to privilege escalation. The vulnerability is due to improper privilege enforcement when Fine-Grained Admin Permissions FGAPv2 are enabled, which allows an attacker with the manage-users role to escalate privileges to realm-admin...

6.5 CVSS, 6.4 AI score, 0.00368 EPSS
Exploits 0, References 10, Affected Software 1
Github Security Blog
added 2025/07/18 3:31 p.m., 12 views

Duplicate Advisory: Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-27gp-8389-hm4w. This link is maintained to preserve external references. Original Description: A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions FGAPv2 are...

6.5 CVSS, 6.3 AI score, 0.00368 EPSS
Exploits 0, References 8, Affected Software 1
Cvelist
added 2025/07/18 1:48 p.m., 8 views

CVE-2025-7784 Org.keycloak/keycloak-services: privilege escalation in keycloak admin console (fgapv2 enabled)

A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions FGAPv2 are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorize...

6.5 CVSS, 0.00368 EPSS
Exploits 0, References 5
CVE
added 2025/07/18 1:48 p.m., 64 views

CVE-2025-7784

CVE-2025-7784 - Keycloak FGAPv2 Privilege Escalation. This entry describes a privilege-escalation vulnerability in Keycloak when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user who holds the manage-users role can elevate themselves to realm-admin due to improper privile...

6.5 CVSS, 6.7 AI score, 0.00368 EPSS
Exploits 0, References 5, Affected Software 1
Vulnrichment
added 2025/07/18 1:48 p.m., 12 views

CVE-2025-7784 Org.keycloak/keycloak-services: privilege escalation in keycloak admin console (fgapv2 enabled)

A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions FGAPv2 are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorize...

6.5 CVSS, 7.3 AI score, 0.00368 EPSS
Exploits 0, References 5