CyberRota
← Ana sayfaya dön

CVE-2026-15943

MEDIUM · CVSS 5.5

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-17T12:17:03.313 · Çekilme zamanı: 2026-07-17T18:33:08.226305+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-15943
Severity
MEDIUM
CVSS
5.5
EPSS
Yok

Orijinal NVD Açıklaması

A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing real secret even if security-sensitive fields like the token URL have been changed, allowing an attacker to redirect and capture the secret.