Back to CVE List

CVE-2026-9689

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
4.2 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Vulnerability Description

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks this link, the client application might incorrectly prioritize attacker-controlled information over legitimate data. This vulnerability, known as HTTP parameter pollution, could allow an attacker to bypass security measures or gain unauthorized access to resources.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-1288
Source
NVD
Vendor
redhat
Product
build_of_keycloak

External References

Discussion (0)

Add Comment

No comments yet. Be the first!