PT-2026-55165 · Maven · Org.Keycloak:Keycloak-Services

Publicado

2026-05-27

·

Atualizado

2026-05-27

CVSS v3.1

4.2

Média

VetorAV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks this link, the client application might incorrectly prioritize attacker-controlled information over legitimate data. This vulnerability, known as HTTP parameter pollution, could allow an attacker to bypass security measures or gain unauthorized access to resources.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

GHSA-WCVJ-VPVW-9RR5

Produtos afetados

Org.Keycloak:Keycloak-Services