CVE-2026-0976

Name of the Vulnerable Software and Affected Versions Keycloak (affected versions not specified)

Description A flaw exists in Keycloak related to improper input validation. The software accepts RFC-compliant matrix parameters within URL path segments, which may be ignored or mishandled by common reverse proxy configurations. This allows a remote attacker to craft requests that mask path segments, potentially bypassing proxy-level path filtering. This could expose administrative or sensitive endpoints that operators believe are not externally reachable.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.