CVE-2026-9689 · EPSS p11.5%

redhat / build_of_keycloak

Description

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks this link, the client application might incorrectly prioritize attacker-controlled information over legitimate data. This vulnerability, known as HTTP parameter pollution, could allow an attacker to bypass security measures or gain unauthorized access to resources.

Scoring

CVSS: 4.2
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS: 0.21% probability of exploitation · percentile 11.5% · 2026-06-19T12:03:05Z
Last modified: 2026-06-03

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-7504
CVE-2026-4366
CVE-2026-8830
CVE-2026-7571
CVE-2026-9793
CVE-2026-4636
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.