CVE-2026-4366

medium

Red Hat

CVSS v3 Base Score

5.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Confidentiality

Low

Integrity

None

Availability

None

Published: March 18, 2026 (57 days ago)

Last Modified: March 18, 2026

Vendor: Red Hat

Source: REDHAT

Description

A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an attacker to trick the server into making unintended requests to internal or restricted resources. As a result, sensitive internal services such as cloud metadata endpoints could be accessed. This issue may lead to information disclosure and enable attackers to map internal network infrastructure.

CWE

CWE-918

Affected Products

Red Hat Build of KeycloakRed Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat Single Sign-On 7

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov

CVE-2026-4366

Vulnerability Report

Description

CWE

Affected Products

References