Lucene search
+L

5 matches found

CVE
CVE
added 6 hours ago8 views

CVE-2026-16106

CVE-2026-16106 refers to Keycloak, specifically the admin REST API. The issue arises when a delegated administrator attempts to remove a child role from a composite role, bypassing authorization checks. This can allow a user with limited admin permissions to remove privileged roles they are not a...

4.9CVSS5.3AI score
Exploits0References2
NVD
NVD
added yesterday7 views

CVE-2026-15945

A flaw was found in the group search functionality of the Keycloak server's administrative API. When Fine-Grained Admin Permissions FGAP v2 is enabled, a delegated administrator can bypass access restrictions to view parent groups they are not authorized to see. By searching for a child group the...

4.3CVSS
Exploits0References2
NVD
NVD
added 2026/02/02 6:16 a.m.18 views

CVE-2025-13881

A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings...

2.7CVSS0.00364EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/30 12:0 a.m.9 views

PT-2026-5499

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw exists in the Keycloak Admin API that allows an administrator with limited privileges to retrieve sensitive custom attributes. This is achieved through the /unmanagedAttributes API...

2.7CVSS5.3AI score0.00364EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2026/01/21 12:4 p.m.6 views

CVE-2025-14083

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...

2.7CVSS5.3AI score0.0032EPSS
Exploits0References5
Rows per page
Query Builder