CVE-2026-0976
LOWKeycloak - Path Filter Bypass via RFC-Compliant Matrix Parameters
Title source: llmDescription
A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can craft requests to mask path segments, potentially bypassing proxy-level path filtering. This could expose administrative or sensitive endpoints that operators believe are not externally reachable.
References (2)
Core 2
Core References
Vendor Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-0976
Issue Tracking issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2429869
Scores
CVSS v3
3.7
EPSS
0.0001
EPSS Percentile
3.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (4)
org.keycloak/keycloak-quarkus-server
0Maven
Red Hat/Red Hat Build of Keycloak
Red Hat/Red Hat JBoss Enterprise Application Platform 8
Red Hat/Red Hat JBoss Enterprise Application Platform Expansion Pack
Published
Jan 15, 2026
Tracked Since
Feb 18, 2026