Keycloak Admin REST API exposes backend schema and rules

GHSA-594w-2fwp-jwrc · CVE-2025-14083

Published Jan 21, 2026 · Modified Apr 2, 2026

Description

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-14083
WEB https://github.com/keycloak/keycloak/issues/45493
WEB https://access.redhat.com/errata/RHSA-2026:6477
WEB https://access.redhat.com/errata/RHSA-2026:6478
WEB https://access.redhat.com/security/cve/CVE-2025-14083
WEB https://bugzilla.redhat.com/show_bug.cgi?id=2419086
PACKAGE https://github.com/keycloak/keycloak

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes