CVE-2026-15945: Authorization Bypass Through User-Controlled Key in Red Hat Red Hat Build of Keycloak
CVE-2026-15945 is a medium severity vulnerability in the Red Hat Build of Keycloak server's administrative API. When Fine-Grained Admin Permissions (FGAP) v2 is enabled, a delegated administrator can bypass access controls by searching for a child group they are authorized to view, which causes the system to disclose details of the parent group they should not access. This leads to unauthorized disclosure of sensitive group attributes and configuration information.
AI Analysis
Technical Summary
This vulnerability affects the group search functionality in the Keycloak administrative API under Fine-Grained Admin Permissions (FGAP) v2. A delegated administrator with permission to view a child group can exploit this flaw to retrieve full details of the parent group, bypassing intended access restrictions. The issue results in unauthorized information disclosure of sensitive group attributes and configurations. The CVSS 3.1 base score is 4.3 (medium), reflecting low complexity and network attack vector but limited impact to confidentiality only. No official remediation level or patch information is provided in the vendor advisory at this time.
Potential Impact
The vulnerability allows unauthorized disclosure of sensitive group attributes and configuration data by bypassing access controls in the administrative API. There is no impact on integrity or availability. No known exploits in the wild have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-15945 for current remediation guidance. Until a fix is available, consider restricting delegated administrator permissions or disabling Fine-Grained Admin Permissions (FGAP) v2 if feasible to reduce exposure.
CVE-2026-15945: Authorization Bypass Through User-Controlled Key in Red Hat Red Hat Build of Keycloak
Description
CVE-2026-15945 is a medium severity vulnerability in the Red Hat Build of Keycloak server's administrative API. When Fine-Grained Admin Permissions (FGAP) v2 is enabled, a delegated administrator can bypass access controls by searching for a child group they are authorized to view, which causes the system to disclose details of the parent group they should not access. This leads to unauthorized disclosure of sensitive group attributes and configuration information.
CVSS v3.1
Score 4.3medium
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects the group search functionality in the Keycloak administrative API under Fine-Grained Admin Permissions (FGAP) v2. A delegated administrator with permission to view a child group can exploit this flaw to retrieve full details of the parent group, bypassing intended access restrictions. The issue results in unauthorized information disclosure of sensitive group attributes and configurations. The CVSS 3.1 base score is 4.3 (medium), reflecting low complexity and network attack vector but limited impact to confidentiality only. No official remediation level or patch information is provided in the vendor advisory at this time.
Potential Impact
The vulnerability allows unauthorized disclosure of sensitive group attributes and configuration data by bypassing access controls in the administrative API. There is no impact on integrity or availability. No known exploits in the wild have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-15945 for current remediation guidance. Until a fix is available, consider restricting delegated administrator permissions or disabling Fine-Grained Admin Permissions (FGAP) v2 if feasible to reduce exposure.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-07-16T12:26:48.913Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://access.redhat.com/security/cve/CVE-2026-15945","vendor":"Red Hat"}]
Threat ID: 6a591cd868715ace4377afeb
Added to database: 07/16/2026, 18:03:04 UTC
Last enriched: 07/16/2026, 18:17:56 UTC
Last updated: 07/17/2026, 01:42:38 UTC
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.