Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-15943

MEDIUM NVD
CVSS Score 5.5
Severity MEDIUM
Published Jul 17, 2026
Vendor unknown

Description

A flaw was found in the Keycloak keycloak-services component, which handles the management of identity providers. The issue occurs when a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value. Due to improper validation, Keycloak reuses the existing real secret even if security-sensitive fields like the token URL have been changed, allowing an attacker to redirect and capture the secret.

References