Back to overview

CVE-2026-15943

MEDIUM
5.5
CVSS 3.1
Description
A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing real secret even if security-sensitive fields like the token URL have been changed, allowing an attacker to redirect and capture the secret.

Metadata

CVE ID
CVE-2026-15943
State
PUBLISHED
Assigner
redhat
Reserved
2026-07-16 09:20 UTC
Published
2026-07-17 11:49 UTC
Last updated
2026-07-17 14:53 UTC
Primary CWE
CWE-1288
Improper Validation of Consistency within Input
Vendor / Product
Red Hat / Red Hat Build of Keycloak
Sources
cve.org  ·  NVD

Severity & Metrics

5.5 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (6)
VendorProductPlatformVersions
Red Hat Red Hat Build of Keycloak
Red Hat Red Hat Build of Keycloak
Red Hat Red Hat Build of Keycloak
Red Hat Red Hat Data Grid 8
Red Hat Red Hat JBoss Enterprise Application Platform Expansion Pack
Red Hat Red Hat Single Sign-On 7
Weakness (CWE)
CWESourceDescription
CWE-1288 cna Improper Validation of Consistency within Input
CVSS scores (1)
ScoreSeverityVersionSourceVector
5.5 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Back to overview