
CVE-2026-14615

MEDIUM CVSS 4.3

Description

A flaw was found in the Fine-Grained Admin Permissions (FGAP) v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a delegated administrator to view details of child groups they are not authorized to access directly, including group names, paths, and custom attributes.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Published: Jul 03, 2026 16:16 UTC
Modified: Jul 03, 2026 16:16 UTC