Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3145 articles · 171742 vulns · 36/41 feeds (7d)
← Back to list
5.4
CVE-2026-14614EXPLOITED
red hat · red hat build of keycloak

Keycloak-services: keycloak-services: fgap v2 client scope assignment bypass via clientresource

Description

A vulnerability was found in Keycloak on Red Hat. It has been classified as critical. The affected element is an unknown function of the component ClientResource. This manipulation causes permission issues. The identification of this vulnerability is CVE-2026-14614. It is possible to initiate the attack remotely.

Affected Products

VendorProductVersions
red hatred hat build of keycloak—

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
open sourceopen source keycloakcert_advisory90%

References

  • https://access.redhat.com/security/cve/CVE-2026-14614(vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2496889(issue-tracking, x_refsource_REDHAT)

Related News (2 articles)

Tier B
BSI Advisories4h ago
[NEU] [UNGEPATCHT] [mittel] Keycloak: Mehrere Schwachstellen
→ No new info (linked only)
Tier C
VulDB2d ago
CVE-2026-14614 | Keycloak on Red Hat ClientResource permission
→ No new info (linked only)
CVSS 3.15.4 MEDIUM
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA KEV❌ No
Actively exploited✅ Yes
PublishedJul 3, 2026
Last enriched2d agov2
Trending Score53
Source articles2
Independent2
Info Completeness5/14
Missing: versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

MEDIUMCVE-2026-14613EXP
Keycloak-services: keycloak-services: keycloak: fgap v2 role groups endpoint discloses hidden group metadata without group view permission
Trending: 53
NONECVE-2026-58379EXP
Gimp: gimp: heap buffer overflow in read_channel_data()
Trending: 50
HIGHCVE-2026-9165EXP
Stackrox: stackrox: unbounded graphql query depth allows authenticated denial of service
Trending: 47
MEDIUMCVE-2026-14615
Keycloak-services: keycloak: fgap v2 parent group children endpoint bypasses per-child view permission filter
Trending: 34
HIGHCVE-2026-55628EXP
ImageMagick: Policy Bypass in concatenate operation due to missing checks
Trending: 32

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 3, 2026
Actively Exploited
Jul 3, 2026
Discovered by ZDM
Jul 3, 2026
Updated: description, severity, activelyExploited
Jul 3, 2026

Version History

v2
Last enriched 2d ago
v2Tier C2d ago

Updated severity to CRITICAL, changed exploit availability to false, and added new description details.

descriptionseverityactivelyExploited
via VulDB
v12d ago

Initial creation