CVE-2026-9689 – Keycloak: org.keycloak.protocol.oidc: http parameter pollution in oidc redirect uri allows response parameter duplication – #ghi-604

CVE ID :CVE-2026-9689

Published : May 27, 2026, 12:17 p.m. | 14 minutes ago

Description :A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks this link, the client application might incorrectly prioritize attacker-controlled information over legitimate data. This vulnerability, known as HTTP parameter pollution, could allow an attacker to bypass security measures or gain unauthorized access to resources.

Severity: 4.2 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-48906 – Extension – tassos.gr – Arbitrary File Deletion in Novarain/Tassos Framework < 6.1.0 for Joomla

CVE-2026-45846 – bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst()

CVE-2026-45845 – net/sched: taprio: fix NULL pointer dereference in class dump

CVE-2026-45844 – netfilter: arp_tables: fix IEEE1394 ARP payload parsing