CVE-2026-9689

Published: Mag 27, 2026 Last Modified: Mag 27, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 4,2
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: none

Description

AI Translation Available

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks this link, the client application might incorrectly prioritize attacker-controlled information over legitimate data. This vulnerability, known as HTTP parameter pollution, could allow an attacker to bypass security measures or gain unauthorized access to resources.

1288

Improper Validation of Consistency within Input

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Other
Potential Impacts:
Varies By Context
Applicable Platforms
All platforms may be affected
View CWE Details
https://access.redhat.com/security/cve/CVE-2026-9689
https://access.redhat.com/security/cve/CVE-2026-9689
https://bugzilla.redhat.com/show_bug.cgi?id=2481845
https://bugzilla.redhat.com/show_bug.cgi?id=2481845