PT-2026-29728 · Red Hat · Red Hat Build Of Keycloak
Published: 2026-04-02 · Updated: 2026-04-02 · CVE-2026-3872
CVSS v3.1: 7.3 (High), vector AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information disclosure.
Fix
Open Redirect
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Build Of Keycloak