CVE-2026-14615

MEDIUM
4.3
CVSS 3.1
Description
A flaw was found in the Fine-Grained Admin Permissions (FGAP) v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, child groups requested through a parent group are not filtered according to the caller's permissions on those child groups. As a result, a delegated administrator can view details of child groups they are not authorized to access directly, including group names, paths, and custom attributes.

Metadata

CVE ID
CVE-2026-14615
State
PUBLISHED
Assigner
redhat
Reserved
2026-07-03 15:30 UTC
Published
2026-07-03 15:47 UTC
Last updated
2026-07-03 15:47 UTC
Primary CWE
CWE-1220
Insufficient Granularity of Access Control
Vendor / Product
Red Hat / Red Hat Build of Keycloak
Sources
cve.org  ·  NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products (1)
Vendor: Red Hat
Product: Red Hat Build of Keycloak
Platform: not listed
Versions: not listed
Weakness (CWE)
CWE: CWE-1220
Source: cna
Description: Insufficient Granularity of Access Control
CVSS scores (1)
Score: 4.3
Severity: MEDIUM
Version: 3.1
Source: cna
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N