CyberRota Yorumu
Detaylı analiz gerekiyor.
CVE
CVE-2026-15943
Severity
MEDIUM
CVSS
5.5
EPSS
Yok
Orijinal NVD Açıklaması
A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing real secret even if security-sensitive fields like the token URL have been changed, allowing an attacker to redirect and capture the secret.