CVE-2026-3872
Keycloak: keycloak: information disclosure due to redirect_uri validation bypass
CVSS Score
7.3
EPSS Score
0.0%
EPSS Percentile
9th
A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information disclosure.
| CWE | CWE-601 |
| Vendor | red hat |
| Product | red hat build of keycloak 26.2 |
| Published | Apr 2, 2026 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat build of keycloak 26.2
Be the first to know when new high vulnerabilities affecting red hat red hat build of keycloak 26.2 are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Affected Versions
Red Hat / Red Hat build of Keycloak 26.2
All versions affected Red Hat / Red Hat build of Keycloak 26.2
All versions affected Red Hat / Red Hat build of Keycloak 26.2
All versions affected Red Hat / Red Hat build of Keycloak 26.2.15
All versions affected Red Hat / Red Hat build of Keycloak 26.4
All versions affected Red Hat / Red Hat build of Keycloak 26.4
All versions affected Red Hat / Red Hat build of Keycloak 26.4
All versions affected Red Hat / Red Hat build of Keycloak 26.4.11
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6475 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6476 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6477 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:6478 access.redhat.com: https://access.redhat.com/security/cve/CVE-2026-3872 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2445988
Credits
Red Hat would like to thank Meeranh for reporting this issue.