CVE-2026-14209

MEDIUM

Keycloak-admin-ui: keycloak-admin-ui: keycloak: admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions

Title source: cna
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-14209. PoCs published by HermesNA-1.

AI-analyzed exploit summary This repository contains an auto-generated stub module for CVE-2026-14209, a security restriction bypass in Keycloak's Admin UI extension when Fine-Grained Admin Permissions (FGAPv2) are enabled. The code includes placeholder logic for connectivity checks but lacks actual exploit implementation.

Description

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an administrator who should only be able to search for users (but not view their full details) can use a specific "brute-force-user" endpoint to access a user's full profile. This includes sensitive information and security metadata. The issue occurs because the system fails to check if the administrator has the required "view" permission for that specific user when using this particular search path.

Exploits (1)

github STUB 1 stars
by HermesNA-1 · pythonpoc
https://github.com/HermesNA-1/SnakeSploit/tree/main/data/modules_generated/cve-2026-14209_vulnerability_was_discovered.py

This repository contains an auto-generated stub module for CVE-2026-14209, a security restriction bypass in Keycloak's Admin UI extension when Fine-Grained Admin Permissions (FGAPv2) are enabled. The code includes placeholder logic for connectivity checks but lacks actual exploit implementation.

Classification
Stub 99%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Theoretical
Target: Keycloak (with Fine-Grained Admin Permissions FGAPv2 enabled)
Auth required
Prerequisites: Target must have Keycloak with FGAPv2 enabled · Attacker must have certain administrative privileges
mistral-large-3 · analyzed Jul 09, 2026 Full analysis →

References (2)

Core 2
Core References
Vdb Entry, X_Refsource_Redhat vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-14209
Issue Tracking, X_Refsource_Redhat issue-tracking x_refsource_redhat
RHBZ#2494837
https://bugzilla.redhat.com/show_bug.cgi?id=2494837

Scores

CVSS v3 4.3
EPSS 0.0017
EPSS Percentile 7.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-639
Status published
Products (4)
Red Hat/Red Hat Build of Keycloak
Red Hat/Red Hat JBoss Enterprise Application Platform Expansion Pack
redhat/build_of_keycloak
redhat/jboss_enterprise_application_platform_expansion_pack
Published Jun 30, 2026
Tracked Since Jun 30, 2026