CVE-2026-9689

Name of the Vulnerable Software and Affected Versions Keycloak (affected versions not specified)

Description A flaw in Keycloak, an open-source identity and access management solution, allows a remote attacker to manipulate the authentication process by crafting a special web address. This occurs when a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs). If a user clicks the link, the application may prioritize attacker-controlled information over legitimate data. This issue is a result of HTTP parameter pollution, which is the injection of multiple parameters with the same name into an HTTP request to confuse the application logic, potentially leading to security bypasses or unauthorized resource access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.