CVE-2026-3872
CVSS v3.1 base score 7.3
- EPSS 0.01%
- Published 2026-04-02 12:37:30
- Last modified 2026-04-16 20:52:42
- Source secalert@redhat.com
Keycloak: keycloak: information disclosure due to redirect_uri validation bypass
A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information disclosure.
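The description covers the bug class rather than the exact code path: a wildcard in an allowed redirect URI is matched too loosely, so a redirect_uri that ends up pointing at a different path on the same host still passes, and the authorization response (with the token) is delivered to whoever controls that path. The Python below is an added illustration written for this page; it is not Keycloak's code and does not reproduce the specific bypass of CVE-2026-3872. It contrasts a naive string-prefix wildcard check with a stricter matcher that pins the origin, refuses fragments and dot segments (including percent-encoded ones), and only then tests the path prefix. The registration pattern, host name and sample redirect_uri values are constructed.

```python
"""Wildcard redirect_uri matching: a naive string-prefix check beside a
stricter one (CWE-601 class). Hypothetical matcher written for this page;
it is not Keycloak's code and does not reproduce the CVE-2026-3872 bypass.
The pattern and sample URIs are constructed for the illustration."""
from urllib.parse import urlsplit, unquote

# Assumed client registration: a wildcard confined to one path prefix.
ALLOWED_PATTERN = "https://app.example.test/callback/*"


def naive_match(redirect_uri: str, pattern: str) -> bool:
    """Treat the text before '*' as a plain string prefix. This never looks
    at path structure, so a URI whose path resolves elsewhere on the same
    host still passes."""
    if pattern.endswith("*"):
        return redirect_uri.startswith(pattern[:-1])
    return redirect_uri == pattern


def remove_dot_segments(path: str) -> str:
    """RFC 3986 section 5.2.4 dot-segment removal for an absolute path."""
    segments = path.split("/")
    out = []
    for seg in segments[1:]:          # skip the empty segment before the leading '/'
        if seg == "..":
            if out:
                out.pop()
        elif seg != ".":
            out.append(seg)
    if segments[-1] in (".", ".."):   # a trailing dot segment denotes a directory
        out.append("")
    return "/" + "/".join(out)


def strict_match(redirect_uri: str, pattern: str) -> bool:
    """Compare the origin exactly and accept the wildcard only for paths
    that are already canonical and sit under the registered prefix."""
    want = urlsplit(pattern)
    got = urlsplit(redirect_uri)
    if not want.path.endswith("/*"):
        raise ValueError("wildcard must follow a path separator, e.g. /callback/*")
    prefix = want.path[:-1]                        # "/callback/"
    # 1. Same scheme, host and port; no userinfo; no fragment (RFC 6749 3.1.2).
    if (got.scheme, got.hostname, got.port) != (want.scheme, want.hostname, want.port):
        return False
    if got.username or got.fragment:
        return False
    raw_path = got.path or "/"
    # 2. Reject '.' and '..' segments in raw or percent-decoded form ('%2e%2e' == '..').
    if any(seg in (".", "..") for seg in unquote(raw_path).split("/")):
        return False
    # 3. The prefix ends in '/', so '/callbackevil' cannot satisfy '/callback/*'.
    return raw_path.startswith(prefix)


def compare(redirect_uri: str, pattern: str = ALLOWED_PATTERN) -> dict:
    """Run both matchers and show where the path actually resolves."""
    return {
        "naive": naive_match(redirect_uri, pattern),
        "strict": strict_match(redirect_uri, pattern),
        "resolves_to": remove_dot_segments(unquote(urlsplit(redirect_uri).path)),
    }


# Constructed sample redirect_uri values.
SAMPLES = [
    "https://app.example.test/callback/done",                   # legitimate
    "https://app.example.test/callback/../other-app/sink",      # escapes the prefix
    "https://app.example.test/callback/%2e%2e/other-app/sink",  # same, percent-encoded
    "https://app.example.test/callback/done#x",                 # fragment not allowed
    "https://app.example.test/callbackevil",                    # not under the prefix
]

if __name__ == "__main__":
    for uri in SAMPLES:
        r = compare(uri)
        print(f"{uri}\n  naive={r['naive']} strict={r['strict']} resolves to {r['resolves_to']}")
```

The second and third samples are the case the advisory describes: the string prefix is intact, so the naive check accepts them, yet the path resolves to /other-app/sink, a location the client never registered and an attacker on the same host could serve. Operators who can avoid wildcards altogether and register exact redirect URIs remove this class of problem entirely.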
Data provided by the National Vulnerability Database (NVD)
Affected configurations (CPE):
- Red Hat ≫ Build of Keycloak, version -, sw_edition text-only
- Red Hat ≫ Build of Keycloak, version 26.2, sw_edition text-only
- Red Hat ≫ Build of Keycloak, version 26.2.15, sw_edition text-only
- Red Hat ≫ Build of Keycloak, version 26.4, sw_edition text-only
- Red Hat ≫ Build of Keycloak, version 26.4.11, sw_edition text-only
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.018 |

| Source | Base Score | Exploitability Score | Impact Score | Vector String |
|---|---|---|---|---|
| secalert@redhat.com | 7.3 | 2.1 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N |
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.