Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3145 articles · 171742 vulns · 36/41 feeds (7d)
← Back to list
4.3
CVE-2026-14615
red hat · red hat build of keycloak

Keycloak-services: keycloak: fgap v2 parent group children endpoint bypasses per-child view permission filter

Description

A vulnerability categorized as problematic has been discovered in Keycloak on Red Hat, impacting an unknown function and leading to insufficient granularity of access control. This vulnerability is tracked as CVE-2026-14615.

Affected Products

VendorProductVersions
red hatred hat build of keycloak—

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
open sourceopen source keycloakcert_advisory90%

References

  • https://access.redhat.com/security/cve/CVE-2026-14615(vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2496891(issue-tracking, x_refsource_REDHAT)

Related News (2 articles)

Tier B
BSI Advisories4h ago
[NEU] [UNGEPATCHT] [mittel] Keycloak: Mehrere Schwachstellen
→ No new info (linked only)
Tier C
VulDB2d ago
CVE-2026-14615 | Keycloak on Red Hat insufficient granularity of access control
→ No new info (linked only)
CVSS 3.14.3 MEDIUM
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA KEV❌ No
Actively exploited❌ No
CWECWE-1220
PublishedJul 3, 2026
Last enriched2d agov2
Trending Score34
Source articles2
Independent2
Info Completeness6/14
Missing: versions, cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

MEDIUMCVE-2026-14613EXP
Keycloak-services: keycloak-services: keycloak: fgap v2 role groups endpoint discloses hidden group metadata without group view permission
Trending: 53
MEDIUMCVE-2026-14614EXP
Keycloak-services: keycloak-services: fgap v2 client scope assignment bypass via clientresource
Trending: 53
NONECVE-2026-58379EXP
Gimp: gimp: heap buffer overflow in read_channel_data()
Trending: 50
HIGHCVE-2026-9165EXP
Stackrox: stackrox: unbounded graphql query depth allows authenticated denial of service
Trending: 47
HIGHCVE-2026-55628EXP
ImageMagick: Policy Bypass in concatenate operation due to missing checks
Trending: 32

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 3, 2026
Discovered by ZDM
Jul 3, 2026
Updated: description, severity
Jul 3, 2026

Version History

v2
Last enriched 2d ago
v2Tier C2d ago

Updated description with new details, changed severity to HIGH, and corrected product name to 'keycloak'.

descriptionseverity
via VulDB
v12d ago

Initial creation