Authentication Configuration Flaw in Red Hat Build of Keycloak
CVE-2026-16104
4.3MEDIUM
What is CVE-2026-16104?
A flaw exists in the authentication configuration endpoint of the core component of Red Hat Build of Keycloak, potentially leading to the exposure of sensitive configuration details. This issue arises when the system does not adequately mask critical configuration values, including reCAPTCHA secret keys, visible to administrators with only view permissions. Such exposure could allow unauthorized individuals to access third-party service credentials, presenting significant security risks through administrative logs.
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue.