CVE-2026-3872
HIGHRed Hat Keycloak 26.2 and 26.4 - redirect_uri Access Token Disclosure
Title source: manualDescription
A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information disclosure.
References (6)
Core 6
Core References
Issue Tracking, X_Refsource_Redhat issue-tracking
x_refsource_redhat
RHBZ#2445988
https://bugzilla.redhat.com/show_bug.cgi?id=2445988
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:6475
https://access.redhat.com/errata/RHSA-2026:6475
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:6476
https://access.redhat.com/errata/RHSA-2026:6476
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:6477
https://access.redhat.com/errata/RHSA-2026:6477
Vendor Advisory vendor-advisory
x_refsource_redhat
RHSA-2026:6478
https://access.redhat.com/errata/RHSA-2026:6478
Vdb Entry, X_Refsource_Redhat vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2026-3872
Scores
CVSS v3
7.3
EPSS
0.0043
EPSS Percentile
34.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-601
Status
published
Products (12)
org.keycloak/keycloak-services
0 - 26.5.7Maven
Red Hat/Red Hat build of Keycloak 26.2
26.2-18
Red Hat/Red Hat build of Keycloak 26.2
26.2.15-1
Red Hat/Red Hat build of Keycloak 26.2.15
Red Hat/Red Hat build of Keycloak 26.4
26.4-14
Red Hat/Red Hat build of Keycloak 26.4
26.4.11-1
Red Hat/Red Hat build of Keycloak 26.4.11
redhat/build_of_keycloak
redhat/build_of_keycloak
26.2
redhat/build_of_keycloak
26.2.15
... and 2 more
Published
Apr 02, 2026
Tracked Since
Apr 02, 2026