Zero Day Monitor (ZDM)
Zero Day Monitor © 2026
CVE-2026-3872 · CVSS 7.3 · EXPLOITED · PATCHED
Vendor: Red Hat · Product: Keycloak

Keycloak: keycloak: information disclosure due to redirect_uri validation bypass

Description

A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information disclosure.

Affected Products

Vendor    Product    Versions
Red Hat   Keycloak   maven/org.keycloak:keycloak-services: < 26.5.7

References

  • https://access.redhat.com/errata/RHSA-2026:6475 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/errata/RHSA-2026:6476 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/errata/RHSA-2026:6477 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/errata/RHSA-2026:6478 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/security/cve/CVE-2026-3872 (vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2445988 (issue-tracking, x_refsource_REDHAT)

Related News (1 article)

VulDB, 4d ago (Tier C): CVE-2026-3872 | Keycloak redirect (RHSA-2026:6477)
→ No new info (linked only)
CVSS 3.1: 7.3 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CISA KEV: No
Actively exploited: Yes
Patch available: org.keycloak:keycloak-services@26.5.7
CWE: CWE-601
Published: Apr 2, 2026
Last enriched: 4d ago (v2)
Trending Score: 27
Source articles: 1
Independent: 1
Info Completeness: 9/14
Missing: versions, epss, kev, exploit, iocs


Related CVEs (5)

  • HIGH · CVE-2026-33540 · EXP — Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm (Trending: 66)
  • CRITICAL · CVE-2026-5704 — Tar: tar: hidden file injection via crafted archives (Trending: 31)
  • HIGH · CVE-2026-4634 · EXP — Keycloak: keycloak: denial of service via excessive processing of openid connect scope parameters (Trending: 30)
  • HIGH · CVE-2026-4282 · EXP — Keycloak: keycloak: privilege escalation via forged authorization codes due to singleuseobjectprovider isolation flaw (Trending: 27)
  • HIGH · CVE-2026-4636 · EXP — Keycloak: keycloak: uma policy bypass allows authenticated users to gain unauthorized access to victim-owned resources (Trending: 27)


Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Apr 2, 2026
Discovered by ZDM: Apr 2, 2026
Updated (severity, cvssEstimate, activelyExploited, mitreAttack): Apr 2, 2026
Actively Exploited: Apr 2, 2026
Patch Available: Apr 2, 2026

Version History

v2 (Tier C, last enriched 4d ago)

Updated severity to HIGH, CVSS estimate to 5.3, marked as actively exploited, and noted that no exploit is available.

Fields changed: severity, cvssEstimate, activelyExploited, mitreAttack
via VulDB

v1 (4d ago)

Initial creation