CVE-2026-4981

medium

Red Hat

CVSS v3 Base Score

5.4

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Confidentiality

Low

Integrity

Low

Availability

None

Published: March 27, 2026 (48 days ago)

Last Modified: March 27, 2026

Vendor: Red Hat

Source: REDHAT

Description

A flaw was found in Red Hat Advanced Cluster Security (ACS). An unauthenticated remote attacker can exploit a vulnerability in the login interface's OAuth callback endpoint by crafting a malicious URL. This URL, containing unvalidated `error` and `error_uri` parameters, allows the attacker to display arbitrary error messages, leading to content spoofing. Furthermore, the attacker can redirect victims to malicious domains, effectively performing an open redirect under the guise of the trusted application's user interface.

CWE

CWE-601

Affected Products

Red Hat Advanced Cluster Security 4

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov

CVE-2026-4981

Vulnerability Report

Description

CWE

Affected Products

References