2 matches found
CVE-2026-15943
A vulnerability in Keycloak's keycloak-services component affects identity provider management. When a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value, the system performs improper validation and reuses the existing real secret even if fields ...
CVE-2026-15943 Keycloak-services: keycloak-services: oidc idp update reuses masked client secret after token url change
A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing...