Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-16106

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-17 Jul, 2026 | 16:43
Updated At-17 Jul, 2026 | 16:53
Rejected At-
Credits

Keycloak-services: keycloak-services: incorrect authorization in admin role-composite deletion allows delegated admin to remove privileged child roles

A flaw was found in the admin REST API of Keycloak, a solution for identity and access management. The issue occurs when a delegated administrator attempts to remove a child role from a composite role. Due to missing authorization checks, an attacker with limited administrative permissions can remove privileged roles they are not authorized to manage, leading to a loss of access for other users and administrators.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:17 Jul, 2026 | 16:43
Updated At:17 Jul, 2026 | 16:53
Rejected At:
▼CVE Numbering Authority (CNA)
Keycloak-services: keycloak-services: incorrect authorization in admin role-composite deletion allows delegated admin to remove privileged child roles

A flaw was found in the admin REST API of Keycloak, a solution for identity and access management. The issue occurs when a delegated administrator attempts to remove a child role from a composite role. Due to missing authorization checks, an attacker with limited administrative permissions can remove privileged roles they are not authorized to manage, leading to a loss of access for other users and administrators.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Build of Keycloak
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
keycloak-services
CPEs
  • cpe:/a:redhat:build_keycloak:
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Build of Keycloak
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhbk-keycloak-rhel9/rhbk-keycloak-rhel9
CPEs
  • cpe:/a:redhat:build_keycloak:
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Build of Keycloak
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhbk-openshift-rhel9/rhbk-openshift-rhel9
CPEs
  • cpe:/a:redhat:build_keycloak:
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Data Grid 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
keycloak-services
CPEs
  • cpe:/a:redhat:jboss_data_grid:8
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat JBoss Enterprise Application Platform Expansion Pack
Collection URL
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html
Package Name
keycloak-services
CPEs
  • cpe:/a:redhat:jbosseapxp
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Single Sign-On 7
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
keycloak-services
CPEs
  • cpe:/a:redhat:red_hat_single_sign_on:7
Default Status
unaffected
Metrics
VersionBase scoreBase severityVector
3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Metrics Other Info
Red Hat severity rating
value:
Moderate
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Exploits

Credits

Red Hat would like to thank Owais Lone (thesecguy) - Independent Security Researcher for reporting this issue.
Timeline
EventDate
Reported to Red Hat.2026-07-15 07:28:13
Made public.2026-07-15 07:28:13
Event: Reported to Red Hat.
Date: 2026-07-15 07:28:13
Event: Made public.
Date: 2026-07-15 07:28:13
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2026-16106
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2501739
issue-tracking
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-16106
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2501739
Resource:
issue-tracking
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862 Missing Authorization
Type: CWE
CWE ID: CWE-862
Description: CWE-862 Missing Authorization
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:17 Jul, 2026 | 17:17
Updated At:17 Jul, 2026 | 18:08

A flaw was found in the admin REST API of Keycloak, a solution for identity and access management. The issue occurs when a delegated administrator attempts to remove a child role from a composite role. Due to missing authorization checks, an attacker with limited administrative permissions can remove privileged roles they are not authorized to manage, leading to a loss of access for other users and administrators.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.9MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
N/A
Type: Primary
Version: 3.1
Base score: 4.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-862Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-862
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://access.redhat.com/security/cve/CVE-2026-16106secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2501739secalert@redhat.com
N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-16106
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2501739
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

32Records found

CVE-2026-16072
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-Not Assigned
Published-17 Jul, 2026 | 13:40
Updated-17 Jul, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak-services: keycloak-services: organization invitation link exposure allows unauthorized member creation

A flaw was found in the organization management component of Keycloak. A delegated administrator with permission to manage organizations can create an invitation for a non-existent email address and then retrieve the secret registration link directly through the application programming interface. By using this link, the administrator can create new user accounts and add them to the organization without having the required user management permissions or access to the invited email account. This allows an administrator to bypass security boundaries and add unauthorized members to an organization.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat Build of KeycloakRed Hat Data Grid 8Red Hat Single Sign-On 7
CVE-2026-11986
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.20% / 10.06%
||
7 Day CHG~0.00%
Published-11 Jun, 2026 | 16:47
Updated-11 Jun, 2026 | 20:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak-rest-admin-ui-ext: authorization bypass vulnerability in the admin-ui-ext bulk role-mapping-delete endpoints of keycloak

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to perform granular permission checks when deleting role mappings. This allows a delegated administrator with limited permissions to remove highly privileged roles from other users or groups, potentially disrupting administrative access control.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Build of KeycloakRed Hat JBoss Enterprise Application Platform Expansion Pack
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CVE-2026-0871
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.31% / 22.65%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 07:30
Updated-06 Mar, 2026 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Org.keycloak/keycloak-services: keycloak: unauthorized modification of unmanaged user attributes by administrators

A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the system is configured to restrict such modifications.

Action-Not Available
Vendor-Red Hat, Inc.
Product-keycloakbuild_of_keycloakRed Hat JBoss Enterprise Application Platform Expansion PackRed Hat JBoss Enterprise Application Platform 8Red Hat build of Keycloak 26.4Red Hat Single Sign-On 7Red Hat build of Keycloak 26.4.9
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2016-8647
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-2.2||LOW
EPSS-1.43% / 69.97%
||
7 Day CHG~0.00%
Published-26 Jul, 2018 | 14:00
Updated-06 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.

Action-Not Available
Vendor-Red Hat, Inc.
Product-ansible_enginevirtualizationAnsible
CWE ID-CWE-20
Improper Input Validation
CVE-2019-14838
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.2||MEDIUM
EPSS-1.14% / 63.04%
||
7 Day CHG~0.00%
Published-14 Oct, 2019 | 14:32
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server

Action-Not Available
Vendor-Red Hat, Inc.
Product-wildfly_coresingle_sign-onenterprise_linuxdata_gridjboss_enterprise_application_platformwildfly-core
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-0923
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.94% / 56.85%
||
7 Day CHG~0.00%
Published-15 Sep, 2023 | 20:16
Updated-02 Aug, 2024 | 05:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Odh-notebook-controller-container: missing authorization allows for file contents disclosure

A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.

Action-Not Available
Vendor-Red Hat, Inc.
Product-enterprise_linuxopenshift_data_scienceRHODS-1.22-RHEL-8
CWE ID-CWE-862
Missing Authorization
CVE-2026-42297
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.5||HIGH
EPSS-0.52% / 40.38%
||
7 Day CHG~0.00%
Published-09 May, 2026 | 03:42
Updated-15 Jul, 2026 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Argo Workflows Is Missing Authorization in Sync ConfigMap Provider

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider (server/sync/sync_cm.go) performs zero authorization checks on all CRUD operations (create, read, update, delete). Any authenticated user — including those using fake Bearer tokens — can create, read, update, and delete Kubernetes ConfigMaps containing synchronization limits. This issue has been patched in version 4.0.5.

Action-Not Available
Vendor-argoprojargoprojRed Hat, Inc.
Product-argo_workflowsargo-workflowsRed Hat OpenShift AI (RHOAI)
CWE ID-CWE-425
Direct Request ('Forced Browsing')
CWE ID-CWE-862
Missing Authorization
CVE-2026-40976
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-9.1||CRITICAL
EPSS-0.49% / 38.82%
||
7 Day CHG~0.00%
Published-27 Apr, 2026 | 23:34
Updated-15 Jul, 2026 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter chain; depend on spring-boot-actuator-autoconfigure; not depend on spring-boot-health. If any of the above does not apply, the application is not vulnerable. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Red Hat, Inc.
Product-spring_bootSpring BootRed Hat build of Apache Camel for Spring Boot 4Red Hat Enterprise Linux 9Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat Data Grid 8Red Hat OpenShift Dev SpacesRed Hat Enterprise Linux 8Red Hat build of Apache Camel - HawtIO 4Red Hat Process Automation 7Red Hat AMQ ClientsRed Hat JBoss Enterprise Application Platform 7Red Hat Fuse 7Red Hat Single Sign-On 7Red Hat AMQ Broker 7Red Hat JBoss Enterprise Application Platform 8Red Hat build of OptaPlanner 8
CWE ID-CWE-305
Authentication Bypass by Primary Weakness
CWE ID-CWE-862
Missing Authorization
CVE-2023-0456
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.4||HIGH
EPSS-0.64% / 46.55%
||
7 Day CHG~0.00%
Published-27 Sep, 2023 | 13:39
Updated-24 Sep, 2024 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apicast proxies the api call with incorrect jwt token to the api backend without proper authorization check

A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-apicastRed Hat 3scale API Management Platform 2apicast
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-862
Missing Authorization
CVE-2020-1720
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-3.1||LOW
EPSS-1.18% / 64.23%
||
7 Day CHG~0.00%
Published-17 Mar, 2020 | 15:28
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17.

Action-Not Available
Vendor-The PostgreSQL Global Development GroupRed Hat, Inc.
Product-decision_managerpostgresqlsoftware_collectionsenterprise_linuxpostgresql
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-862
Missing Authorization
CVE-2026-2651
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9||CRITICAL
EPSS-0.34% / 26.71%
||
7 Day CHG~0.00%
Published-25 May, 2026 | 06:00
Updated-15 Jul, 2026 | 02:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization Validation in mlflow/mlflow

A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce resource-level permission checks for `/mlflow-artifacts/mpu/*` endpoints, enabling attackers to overwrite artifacts belonging to other users. This can lead to unauthorized cross-user writes, model supply chain poisoning, and arbitrary code execution when compromised models are loaded. The issue is resolved in version 3.10.0.

Action-Not Available
Vendor-lfprojectsmlflowRed Hat, Inc.
Product-mlflowmlflow/mlflowRed Hat OpenShift AI (RHOAI)
CWE ID-CWE-1220
Insufficient Granularity of Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2026-26104
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 0.11%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 10:51
Updated-25 Mar, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Udisks: missing authorization check allows unprivileged users to back up luks headers via udisks d-bus api

A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes.

Action-Not Available
Vendor-freedesktop.orgRed Hat, Inc.
Product-enterprise_linuxudisksRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-862
Missing Authorization
CVE-2026-26103
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.07% / 0.11%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 10:31
Updated-15 Jul, 2026 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Udisks: missing authorization check allows unprivileged users to restore luks headers via udisks d-bus api

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys and render encrypted volumes inaccessible. Successful exploitation results in a denial-of-service condition through irreversible data loss.

Action-Not Available
Vendor-Red Hat, Inc.freedesktop.org
Product-enterprise_linuxudisksRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 10Red Hat Enterprise Linux 10.0 Extended Update Support
CWE ID-CWE-862
Missing Authorization
CVE-2026-23537
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.57% / 43.27%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 13:49
Updated-15 Jul, 2026 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Feast: unauthenticated arbitrary file write

A vulnerability has been identified in the Feast Feature Server’s `/save-document` endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling an attacker to overwrite vital application configurations or startup scripts. Because this flaw requires no credentials or special privileges, any attacker with network access to the server can potentially compromise the integrity of the system. This could lead to unauthorized system modifications, denial of service through disk exhaustion, or potential remote code execution.

Action-Not Available
Vendor-FeastRed Hat, Inc.
Product-Feast Feature ServerRed Hat OpenShift AI (RHOAI)Red Hat OpenShift AI (RHOAI)
CWE ID-CWE-862
Missing Authorization
CVE-2020-10684
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.9||HIGH
EPSS-0.34% / 26.66%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 00:00
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Fedora Project
Product-debian_linuxopenstackfedoraansibleansible_towerAnsible
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-10689
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.75% / 50.87%
||
7 Day CHG~0.00%
Published-03 Apr, 2020 | 14:29
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name and namespace of the target pod.

Action-Not Available
Vendor-Eclipse Foundation AISBLRed Hat, Inc.
Product-cheEclipse Che
CWE ID-CWE-862
Missing Authorization
CVE-2026-11807
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-9.6||CRITICAL
EPSS-0.38% / 30.09%
||
7 Day CHG+0.01%
Published-23 Jun, 2026 | 19:40
Updated-16 Jul, 2026 | 12:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Eda-server: websocket missing authorization allows credential theft via activation_id spoofing

A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messages. Any authenticated user can send a forged message with an arbitrary activation_id to receive plaintext credentials associated with that activation, including OAuth tokens, vault passwords, and SSH keys.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Ansible Automation Platform 2.7Red Hat Ansible Automation Platform 2.5Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Ansible Automation Platform 2.6Red Hat Ansible Automation Platform 2.5 for RHEL 9Red Hat Ansible Automation Platform 2.7Red Hat Ansible Automation Platform 2.5Red Hat Ansible Automation Platform 2.6 for RHEL 9Red Hat Ansible Automation Platform 2.5 for RHEL 8Red Hat Ansible Automation Platform 2.6Red Hat Ansible Automation Platform 2.5 for RHEL 9
CWE ID-CWE-862
Missing Authorization
CVE-2026-10609
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.23% / 13.21%
||
7 Day CHG~0.00%
Published-23 Jun, 2026 | 13:26
Updated-08 Jul, 2026 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openshift/cluster-logging-operator: cluster logging operator creates and forwards serviceaccount tokens without verifying clf creator authorization

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrate SA tokens and escalate privileges.

Action-Not Available
Vendor-Red Hat, Inc.
Product-logging_subsystem_for_red_hat_openshiftcluster_logging_operatorLogging Subsystem for Red Hat OpenShift
CWE ID-CWE-862
Missing Authorization
CVE-2026-14251
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.7||HIGH
EPSS-0.22% / 12.82%
||
7 Day CHG~0.00%
Published-15 Jul, 2026 | 07:01
Updated-16 Jul, 2026 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gitops-operator: gitops-operator: missing allowednamespace check in reconcilerhook for clusterrole/role cases enables potential privilege escalation and dos

A flaw was found in the OpenShift GitOps operator. The ClusterRole reconciler does not validate resource ownership when reconciling ClusterRole objects. A namespace-scoped Argo CD instance can trigger deletion of a ClusterRole owned by a cluster-scoped Argo CD instance by crafting a name collision, resulting in a denial of service.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift GitOps
CWE ID-CWE-862
Missing Authorization
CVE-2017-7530
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-1.70% / 74.65%
||
7 Day CHG~0.00%
Published-26 Jul, 2018 | 13:00
Updated-05 Aug, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to (e.g. destroying VMs).

Action-Not Available
Vendor-Red Hat, Inc.
Product-cloudforms_management_enginecloudformscfme
CWE ID-CWE-862
Missing Authorization
CVE-2026-12515
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 9.63%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 15:34
Updated-26 Jun, 2026 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Katello: missing repository authorization in content_uploads exposes cross-product content existence

A flaw was found in Katello's of Red Hat Satellite. A content upload functionality where insufficient authorization checks in the ContentUploadsController allowed users with the edit_products permission to query content information for repositories outside the products they were authorized to manage. An authenticated attacker could exploit this issue to determine whether specific content exists within repositories that should otherwise be inaccessible. This issue does not allow unauthorized modification, import, or publication of content.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Satellite 6Red Hat Hardened Images
CWE ID-CWE-862
Missing Authorization
CVE-2025-13772
Matching Score-6
Assigner-GitLab Inc.
ShareView Details
Matching Score-6
Assigner-GitLab Inc.
CVSS Score-7.1||HIGH
EPSS-0.39% / 30.86%
||
7 Day CHG~0.00%
Published-09 Jan, 2026 | 10:04
Updated-15 Jul, 2026 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to access and utilize AI model settings from unauthorized namespaces by manipulating namespace identifiers in API requests.

Action-Not Available
Vendor-Red Hat, Inc.GitLab Inc.
Product-gitlabGitLabOpenShift PipelinesRed Hat OpenShift Container Platform 4
CWE ID-CWE-862
Missing Authorization
CVE-2024-9671
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 20.29%
||
7 Day CHG+0.01%
Published-09 Oct, 2024 | 14:32
Updated-20 Mar, 2026 | 10:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
System: pdf invoices of the developer users can be seen if the url is known

A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed.

Action-Not Available
Vendor-Red Hat, Inc.
Product-3scale_api_management_platformRed Hat 3scale API Management Platform 2
CWE ID-CWE-862
Missing Authorization
CVE-2023-6394
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.4||HIGH
EPSS-0.81% / 52.90%
||
7 Day CHG~0.00%
Published-09 Dec, 2023 | 01:26
Updated-24 Mar, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quarkus: graphql operations over websockets bypass

A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions.

Action-Not Available
Vendor-quarkusRed Hat, Inc.
Product-build_of_quarkusquarkusRed Hat build of Quarkus 3.2.9.FinalRed Hat build of Quarkus 2.13.9.Final
CWE ID-CWE-862
Missing Authorization
CVE-2023-5056
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.27% / 19.25%
||
7 Day CHG~0.00%
Published-18 Dec, 2023 | 13:43
Updated-20 Nov, 2025 | 07:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Skupper-operator: privelege escalation via config map

A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments in all namespaces in the cluster. This issue permits unauthorized viewing of information outside of the user's purview.

Action-Not Available
Vendor-Red Hat, Inc.
Product-service_interconnectenterprise_linuxService Interconnect 1 for RHEL 9
CWE ID-CWE-862
Missing Authorization
CVE-2023-0805
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.83% / 53.40%
||
7 Day CHG~0.00%
Published-03 May, 2023 | 00:00
Updated-12 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-862
Missing Authorization
CVE-2022-41929
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.71% / 49.48%
||
7 Day CHG~0.00%
Published-23 Nov, 2022 | 00:00
Updated-22 Apr, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore

org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched in XWiki 13.10.7, 14.4.2 and 14.5RC1.

Action-Not Available
Vendor-XWiki SAS
Product-xwikixwiki-platform
CWE ID-CWE-862
Missing Authorization
CVE-2026-27346
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.9||MEDIUM
EPSS-0.25% / 16.75%
||
7 Day CHG~0.00%
Published-25 May, 2026 | 21:54
Updated-26 May, 2026 | 10:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress B2BKing plugin < 5.2.10 - Broken Access Control vulnerability

Missing Authorization vulnerability in Kings Plugins B2BKing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects B2BKing: from n/a before 5.2.10.

Action-Not Available
Vendor-Kings Plugins
Product-B2BKing
CWE ID-CWE-862
Missing Authorization
CVE-2024-36113
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.42% / 33.87%
||
7 Day CHG~0.00%
Published-03 Jul, 2024 | 19:07
Updated-18 Sep, 2024 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Discourse missing authorization checks for suspending admins/moderators

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue is patched in version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch. No known workarounds are available.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-862
Missing Authorization
CVE-2026-61952
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.9||MEDIUM
EPSS-0.19% / 9.16%
||
7 Day CHG~0.00%
Published-13 Jul, 2026 | 08:41
Updated-13 Jul, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce Bulk Edit Products – WP Sheet Editor plugin <= 1.8.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in Jose Vega WooCommerce Bulk Edit Products – WP Sheet Editor woo-bulk-edit-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Bulk Edit Products – WP Sheet Editor: from n/a through <= 1.8.21.

Action-Not Available
Vendor-Jose Vega
Product-WooCommerce Bulk Edit Products – WP Sheet Editor
CWE ID-CWE-862
Missing Authorization
CVE-2025-64251
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.9||MEDIUM
EPSS-0.24% / 15.54%
||
7 Day CHG+0.01%
Published-16 Dec, 2025 | 08:12
Updated-28 Apr, 2026 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ultimate Learning Pro plugin <= 3.9.3 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Learning Pro: from n/a through <= 3.9.3.

Action-Not Available
Vendor-azzaroco
Product-Ultimate Learning Pro
CWE ID-CWE-862
Missing Authorization
CVE-2025-47465
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.9||MEDIUM
EPSS-0.35% / 27.52%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 14:19
Updated-28 Apr, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blocksy theme <= 2.0.97 - Broken Access Control Vulnerability

Missing Authorization vulnerability in creativethemeshq Blocksy blocksy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blocksy: from n/a through <= 2.0.97.

Action-Not Available
Vendor-creativethemeshq
Product-Blocksy
CWE ID-CWE-862
Missing Authorization
Details not found