Lucene search
K

12 matches found

NVD
NVD
added 5 days ago8 views

CVE-2026-14615

A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...

4.3CVSS0.00172EPSS
Exploits0References2
CVE
CVE
added 5 days ago20 views

CVE-2026-14614

The CVE-2026-14614 entry concerns Keycloak’s admin services, specifically the ClientResource component under FGAP v2. It describes a bypass where a delegated administrator can attach or remove hidden client scopes beyond their visibility/permission, potentially injecting unauthorized data or perm...

5.4CVSS5.9AI score0.00146EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 5 days ago8 views

CVE-2026-14613

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions FGAP v2 are turned on, an administrator who is allowed to see a specific "role" can...

4.3CVSS6AI score0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 11:48 a.m.31 views

CVE-2026-14209 Keycloak-admin-ui: keycloak-admin-ui:admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions FGAPv2 are enabled, an administrator who should only be able to search for users but not view their full details can use a...

4.3CVSS0.00173EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47283

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description An improper access control flaw exists where a limited administrator can bypass Fine-Grained Admin Permissions FGAP, which are detailed permissions that restrict administrative actions to...

7.2CVSS5.5AI score0.00329EPSS
Exploits0References5
NVD
NVD
added 2026/05/28 5:16 a.m.16 views

CVE-2026-9795

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

7.3CVSS0.00292EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/28 3:49 a.m.41 views

CVE-2026-9795 Keycloak: keycloak: privilege escalation via improper scope mapping enforcement

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

7.3CVSS0.00292EPSS
Exploits0References6
Veracode
Veracode
added 2025/07/25 6:35 a.m.8 views

Privilege Escalation

org.keycloak, keycloak-services is vulnerable to privilege escalation. The vulnerability is due to improper privilege enforcement when Fine-Grained Admin Permissions FGAPv2 are enabled, which allows an attacker with the manage-users role to escalate privileges to realm-admin...

6.5CVSS6.4AI score0.00368EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2025/07/18 3:31 p.m.12 views

Duplicate Advisory: Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled)

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-27gp-8389-hm4w. This link is maintained to preserve external references. Original Description A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions FGAPv2 are...

6.5CVSS6.3AI score0.00368EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2025/07/18 1:48 p.m.64 views

CVE-2025-7784

CVE-2025-7784 - Keycloak FGAPv2 Privilege Escalation This entry describes a privilege-escalation vulnerability in Keycloak when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user who holds the manage-users role can elevate themselves to realm-admin due to improper privile...

6.5CVSS6.7AI score0.00368EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/07/18 1:48 p.m.12 views

CVE-2025-7784 Org.keycloak/keycloak-services: privilege escalation in keycloak admin console (fgapv2 enabled)

A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin PermissionsFGAPv2 are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorize...

6.5CVSS7.3AI score0.00368EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/07/18 1:48 p.m.11 views

CVE-2025-7784 Org.keycloak/keycloak-services: privilege escalation in keycloak admin console (fgapv2 enabled)

A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin PermissionsFGAPv2 are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorize...

6.5CVSS0.00368EPSS
Exploits0References5
Rows per page
Query Builder