CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-3872

A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information disclosure.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.3%

CVSS Severity

CVSS v3 Score 7.3

References

https://access.redhat.com/errata/RHSA-2026:6475
https://access.redhat.com/errata/RHSA-2026:6476
https://access.redhat.com/errata/RHSA-2026:6477
https://access.redhat.com/errata/RHSA-2026:6478
https://access.redhat.com/security/cve/CVE-2026-3872
https://bugzilla.redhat.com/show_bug.cgi?id=2445988

Products affected by CVE-2026-3872

Redhat » Build Of Keycloak » Version: N/A

cpe:2.3:a:redhat:build_of_keycloak:-
Redhat » Build Of Keycloak » Version: 26.2

cpe:2.3:a:redhat:build_of_keycloak:26.2
Redhat » Build Of Keycloak » Version: 26.2.15

cpe:2.3:a:redhat:build_of_keycloak:26.2.15
Redhat » Build Of Keycloak » Version: 26.4

cpe:2.3:a:redhat:build_of_keycloak:26.4
Redhat » Build Of Keycloak » Version: 26.4.11

cpe:2.3:a:redhat:build_of_keycloak:26.4.11

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-3872

Products

Pricing

Contact Us