CVE-2026-3911

EPSS 0.01%
Veröffentlicht 11.03.2026 05:36:43
Zuletzt bearbeitet 11.03.2026 13:52:47
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerRed Hat

≫

Produkt Red Hat Build of Keycloak

Default Statusaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.013

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	2.7	1.2	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE-359 Exposure of Private Personal Information to an Unauthorized Actor

The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.

https://access.redhat.com/security/cve/CVE-2026-3911

https://bugzilla.redhat.com/show_bug.cgi?id=2446392

https://nvd.nist.gov/vuln/detail/CVE-2026-3911

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-3911

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-3911

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-3911