Medium severity5.8NVD Advisory· Published Mar 18, 2026· Updated Jun 9, 2026
CVE-2026-4366
CVE-2026-4366
Description
A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an attacker to trick the server into making unintended requests to internal or restricted resources. As a result, sensitive internal services such as cloud metadata endpoints could be accessed. This issue may lead to information disclosure and enable attackers to map internal network infrastructure.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- cpe:2.3:a:redhat:build_of_keycloak:-:*:*:*:-:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
4- access.redhat.com/security/cve/CVE-2026-4366nvdVendor Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingVendor Advisory
- access.redhat.com/errata/RHSA-2026:19596nvd
- access.redhat.com/errata/RHSA-2026:19597nvd
News mentions
0No linked articles in our index yet.