CVE-2026-9689
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
4.2 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Description
A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks this link, the client application might incorrectly prioritize attacker-controlled information over legitimate data. This vulnerability, known as HTTP parameter pollution, could allow an attacker to bypass security measures or gain unauthorized access to resources.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-1288
Source
NVD
Vendor
redhat
Product
build_of_keycloak
Discussion (0)
Add Comment
No comments yet. Be the first!