Lucene search
K

483 matches found

NVD
NVD
added 2026/07/03 4:16 p.m.9 views

CVE-2026-14613

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions FGAP v2 are turned on, an administrator who is allowed to see a specific "role" can...

4.3CVSS0.00172EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 4:16 p.m.8 views

CVE-2026-14615

A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...

4.3CVSS0.00172EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 4:16 p.m.11 views

CVE-2026-14614

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...

5.4CVSS0.00146EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 3:47 p.m.8 views

EUVD-2026-41557

A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...

4.3CVSS5.9AI score0.00172EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/03 3:42 p.m.8 views

CVE-2026-14615

A flaw was found in the Fine-Grained Admin Permissions FGAP v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a...

4.3CVSS5.9AI score0.00172EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/03 3:33 p.m.8 views

CVE-2026-14614

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...

5.4CVSS5.9AI score0.00146EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/03 3:33 p.m.39 views

CVE-2026-14614 Keycloak-services: keycloak-services: fgap v2 client scope assignment bypass via clientresource

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...

5.4CVSS0.00146EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 3:33 p.m.28 views

CVE-2026-14614

The CVE-2026-14614 entry concerns Keycloak’s admin services, specifically the ClientResource component under FGAP v2. It describes a bypass where a delegated administrator can attach or remove hidden client scopes beyond their visibility/permission, potentially injecting unauthorized data or perm...

5.4CVSS5.9AI score0.00146EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/03 3:26 p.m.9 views

CVE-2026-14614

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...

5.4CVSS5.9AI score0.00146EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/03 3:16 p.m.13 views

EUVD-2026-41555

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions FGAP v2 are turned on, an administrator who is allowed to see a specific "role" can...

4.3CVSS6AI score0.00172EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/03 3:10 p.m.13 views

CVE-2026-14613

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions FGAP v2 are turned on, an administrator who is allowed to see a specific "role" can...

4.3CVSS6AI score0.00172EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55549

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description An issue in the administrative interface occurs when Fine-Grained Admin Permissions FGAP v2 are enabled. An administrator with permission to view a specific role can access a list of all...

4.3CVSS6.1AI score0.00172EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55550

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in the ClientResource component of the admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator with limited control...

5.4CVSS6AI score0.00146EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/30 11:48 a.m.32 views

CVE-2026-14209 Keycloak-admin-ui: keycloak-admin-ui:admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions FGAPv2 are enabled, an administrator who should only be able to search for users but not view their full details can use a...

4.3CVSS0.00173EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/30 11:48 a.m.9 views

CVE-2026-14209 Keycloak-admin-ui: keycloak-admin-ui:admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions FGAPv2 are enabled, an administrator who should only be able to search for users but not view their full details can use a...

4.3CVSS5.9AI score0.00173EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 11:48 a.m.7 views

EUVD-2026-40299

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions FGAPv2 are enabled, an administrator who should only be able to search for users but not view their full details can use a...

4.3CVSS5.7AI score0.00173EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/30 11:48 a.m.7 views

CVE-2026-14209

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions FGAPv2 are enabled, an administrator who should only be able to search for users but not view their full details can use a...

4.3CVSS5.6AI score0.00173EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/25 6:47 p.m.7 views

keycloak: Keycloak: Privilege escalation via improper scope mapping enforcement

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

7.3CVSS5.8AI score0.00292EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/25 6:47 p.m.7 views

keycloak: Group-Admin Escalation to Realm-Admin

A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 FGAPv2 is enabled, an attacker wi...

7.7CVSS5.8AI score0.00288EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/25 4:16 p.m.7 views

CVE-2026-9099 Keycloak: group-admin escalation to realm-admin

A flaw was found in Keycloak. A missing authorization check in the GroupResource.addChild endpoint within the Admin REST API allows an authenticated user with limited administrative privileges to reparent any existing group. When Fine-Grained Admin Permissions v2 FGAPv2 is enabled, an attacker wi...

7.7CVSS5.8AI score0.00288EPSS
Exploits0References6
Rows per page
Query Builder