CyberRota
← Ana sayfaya dön

CVE-2026-15945

MEDIUM · CVSS 4.3

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-16T18:16:42.693 · Çekilme zamanı: 2026-07-17T00:26:15.143611+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-15945
Severity
MEDIUM
CVSS
4.3
EPSS
Yok

Orijinal NVD Açıklaması

A flaw was found in the group search functionality of the Keycloak server's administrative API. When Fine-Grained Admin Permissions (FGAP) v2 is enabled, a delegated administrator can bypass access restrictions to view parent groups they are not authorized to see. By searching for a child group they have permission to view, the system incorrectly returns the full details of the parent group in the response, leading to the disclosure of sensitive group attributes and configuration.