CVE-2026-4366 in Keycloakالمعلومات

الملخص

بحسب MITRE • 18/03/2026

A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an attacker to trick the server into making unintended requests to internal or restricted resources. As a result, sensitive internal services such as cloud metadata endpoints could be accessed. This issue may lead to information disclosure and enable attackers to map internal network infrastructure.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Redhat

حجز

18/03/2026

إفشاء

18/03/2026

الاعتدال

تمت الموافقة

إدخال

VDB-351464

CPE

جاهز

CWE

CWE-918 (مؤكد)

CVSS

5.8 (CNA)

EPSS

0.00036

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-4366
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-4366
CVE Details	https://www.cvedetails.com/cve/CVE-2026-4366/

التالي ▸نظرة عامة ◂ السابق

Interested in the pricing of exploits?

See the underground prices here!