CVE-2026-3872

high

Red Hat

CVSS v3 Base Score

7.3

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Confidentiality

High

Integrity

High

Availability

None

Published: April 2, 2026 (42 days ago)

Last Modified: April 2, 2026

Vendor: Red Hat

Fix Available: ✓ Yes

Source: REDHAT

Description

A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information disclosure.

CWE

CWE-601

Affected Products

Red Hat build of Keycloak 26.2Red Hat build of Keycloak 26.2.15Red Hat build of Keycloak 26.4Red Hat build of Keycloak 26.4.11

Fix Status

✅ Fix Available

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov

CVE-2026-3872

Vulnerability Report

Description

CWE

Affected Products

Fix Status

References