CVE-2026-3872
Keycloak: keycloak: information disclosure due to redirect_uri validation bypass
A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information disclosure.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Produtos afetados
Red Hat · Red Hat build of Keycloak 26.2Red Hat · Red Hat build of Keycloak 26.2.15Red Hat · Red Hat build of Keycloak 26.4Red Hat · Red Hat build of Keycloak 26.4.11Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://access.redhat.com/errata/RHSA-2026:6475https://access.redhat.com/errata/RHSA-2026:6476https://access.redhat.com/errata/RHSA-2026:6477https://access.redhat.com/errata/RHSA-2026:6478https://access.redhat.com/security/cve/CVE-2026-3872https://bugzilla.redhat.com/show_bug.cgi?id=2445988