3 matches found
CVE-2026-16106 Keycloak-services: keycloak-services: incorrect authorization in admin role-composite deletion allows delegated admin to remove privileged child roles
A flaw was found in the admin REST API of Keycloak, a solution for identity and access management. The issue occurs when a delegated administrator attempts to remove a child role from a composite role. Due to missing authorization checks, an attacker with limited administrative permissions can...
CVE-2026-16106
CVE-2026-16106 refers to Keycloak, specifically the admin REST API. The issue arises when a delegated administrator attempts to remove a child role from a composite role, bypassing authorization checks. This can allow a user with limited admin permissions to remove privileged roles they are not a...
EUVD-2026-45224
A flaw was found in the admin REST API of Keycloak, a solution for identity and access management. The issue occurs when a delegated administrator attempts to remove a child role from a composite role. Due to missing authorization checks, an attacker with limited administrative permissions can...