{"api_version":"1","generated_at":"2026-07-18T04:24:49+00:00","cve":"CVE-2026-16104","urls":{"html":"https://cve.report/CVE-2026-16104","api":"https://cve.report/api/cve/CVE-2026-16104.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-16104","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-16104"},"summary":{"title":"Keycloak-services: keycloak-services: authenticator config endpoint exposes raw recaptcha secrets to view-only admins","description":"A flaw was found in the authentication configuration endpoint of the keycloak-services component, which is the core engine for Red Hat Build of Keycloak identity and access management. The issue occurs because the system fails to mask sensitive configuration values, such as reCAPTCHA secret keys, when they are requested by administrators with view-only permissions. This can lead to the exposure of third-party service credentials to unauthorized personnel or through administrative logs.","state":"PUBLISHED","assigner":"redhat","published_at":"2026-07-17 17:17:14","updated_at":"2026-07-17 18:17:14"},"problem_types":["CWE-522","CWE-522 CWE-522 Insufficiently Protected Credentials"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"4.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"4.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-16104","name":"https://access.redhat.com/security/cve/CVE-2026-16104","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2501737","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2501737","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-16104","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-16104","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"Red Hat Build of Keycloak","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Build of Keycloak","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Build of Keycloak","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Data Grid 8","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Single Sign-On 7","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-07-15T13:25:50.000Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2026-07-15T13:25:50.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.","time":"","lang":"en"}],"exploits":[],"credits":[{"source":"CNA","value":"Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue.","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-16104","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-07-17T17:24:30.498422Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-522","description":"CWE-522 Insufficiently Protected Credentials","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-17T17:24:34.155Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:build_keycloak:"],"defaultStatus":"affected","packageName":"keycloak-services","product":"Red Hat Build of Keycloak","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:build_keycloak:"],"defaultStatus":"affected","packageName":"rhbk-keycloak-rhel9/rhbk-keycloak-rhel9","product":"Red Hat Build of Keycloak","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:build_keycloak:"],"defaultStatus":"affected","packageName":"rhbk-openshift-rhel9/rhbk-openshift-rhel9","product":"Red Hat Build of Keycloak","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:jboss_data_grid:8"],"defaultStatus":"unaffected","packageName":"keycloak-services","product":"Red Hat Data Grid 8","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html","cpes":["cpe:/a:redhat:jbosseapxp"],"defaultStatus":"unaffected","packageName":"keycloak-services","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"],"defaultStatus":"unaffected","packageName":"keycloak-services","product":"Red Hat Single Sign-On 7","vendor":"Red Hat"}],"credits":[{"lang":"en","value":"Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue."}],"datePublic":"2026-07-15T13:25:50.000Z","descriptions":[{"lang":"en","value":"A flaw was found in the authentication configuration endpoint of the keycloak-services component, which is the core engine for Red Hat Build of Keycloak identity and access management. The issue occurs because the system fails to mask sensitive configuration values, such as reCAPTCHA secret keys, when they are requested by administrators with view-only permissions. This can lead to the exposure of third-party service credentials to unauthorized personnel or through administrative logs."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Moderate"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"format":"CVSS"}],"providerMetadata":{"dateUpdated":"2026-07-17T16:43:54.168Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-16104"},{"name":"RHBZ#2501737","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2501737"}],"timeline":[{"lang":"en","time":"2026-07-15T13:25:50.000Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-07-15T13:25:50.000Z","value":"Made public."}],"title":"Keycloak-services: keycloak-services: authenticator config endpoint exposes raw recaptcha secrets to view-only admins","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}],"x_generator":{"engine":"cvelib 1.8.0"}}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2026-16104","datePublished":"2026-07-17T16:43:54.168Z","dateReserved":"2026-07-17T14:48:32.086Z","dateUpdated":"2026-07-17T17:24:34.155Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-17 17:17:14","lastModifiedDate":"2026-07-17 18:17:14","problem_types":["CWE-522","CWE-522 CWE-522 Insufficiently Protected Credentials"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-07-17T17:24:30.498422Z","id":"CVE-2026-16104","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"16104","Ordinal":"1","Title":"Keycloak-services: keycloak-services: authenticator config endpo","CVE":"CVE-2026-16104","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"16104","Ordinal":"1","NoteData":"A flaw was found in the authentication configuration endpoint of the keycloak-services component, which is the core engine for Red Hat Build of Keycloak identity and access management. The issue occurs because the system fails to mask sensitive configuration values, such as reCAPTCHA secret keys, when they are requested by administrators with view-only permissions. This can lead to the exposure of third-party service credentials to unauthorized personnel or through administrative logs.","Type":"Description","Title":"Keycloak-services: keycloak-services: authenticator config endpo"}]}}}