๐Ÿ” CVE Alert

CVE-2026-14613

MEDIUM 4.3

Keycloak-services: keycloak-services: keycloak: fgap v2 role groups endpoint discloses hidden group metadata without group view permission

CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions (FGAP v2) are turned on, an administrator who is allowed to see a specific "role" can also see a list of all groups assigned to that role. The system fails to check if the administrator has permission to see those specific groups. This could allow a restricted administrator to discover "hidden" groups and see their details, such as internal names and custom settings, which might contain sensitive deployment information.

Vendor red hat
Product red hat build of keycloak
Published Jul 3, 2026
Stay Ahead of the Next One

Get instant alerts for red hat red hat build of keycloak

Be the first to know when new medium vulnerabilities affecting red hat red hat build of keycloak are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Affected Versions

Red Hat / Red Hat Build of Keycloak
All versions affected
Red Hat / Red Hat Build of Keycloak
All versions affected
Red Hat / Red Hat Build of Keycloak
All versions affected
Red Hat / Red Hat Data Grid 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack
All versions affected
Red Hat / Red Hat Single Sign-On 7
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-14613 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2496878