exploitDog
GHSA-v897-pv23-r8cw

Published: 15 Jan 2026
Source: github
GitHub: reviewed
CVSS3: 3.7

Description

Keycloak has an improper input validation vulnerability

A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can craft requests to mask path segments, potentially bypassing proxy-level path filtering. This could expose administrative or sensitive endpoints that operators believe are not externally reachable.
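The masking described above, as an added example that is not Keycloak's code and not part of this advisory: a small Python model of a backend that reads `;name=value` matrix parameters out of RFC 3986 path segments, placed beside two proxy deny-rules, one that compares the raw request path and one that normalises the path first. The deny-list prefix `/admin` and the sample request paths are assumptions constructed for the illustration, not a real proxy configuration.

```python
"""Matrix parameters vs. proxy path filtering (added example).

Constructed illustration, not Keycloak's or any proxy's real code or config.
It models a backend that honours ';name=value' matrix parameters inside
path segments next to a proxy that filters on the raw path string.
"""
from urllib.parse import unquote

# Hypothetical deny-list an operator might put on a reverse proxy to hide
# administrative endpoints. The prefix is an assumption for this example.
BLOCKED_PREFIXES = ("/admin",)


def parse_matrix_segments(path):
    """Split a URL path into (segment_name, matrix_params) tuples.

    RFC 3986 allows ';' inside a path segment, and the JAX-RS style
    convention reads everything after the first ';' in a segment as
    ';name=value' matrix parameters attached to that segment. Each segment
    is percent-decoded first so '%3B' is treated like ';' (a conservative
    choice: a deny-list should not depend on which spelling the backend
    decodes).
    """
    segments = []
    for raw in path.lstrip("/").split("/"):
        decoded = unquote(raw)
        name, _, tail = decoded.partition(";")
        params = {}
        for item in tail.split(";"):
            if not item:
                continue
            key, _, value = item.partition("=")
            params[key] = value
        segments.append((name, params))
    return segments


def normalize_path(path):
    """Effective path as a matrix-parameter-aware router would route it."""
    return "/" + "/".join(name for name, _ in parse_matrix_segments(path))


def _is_blocked(path):
    """Prefix match used by both proxy rules below."""
    return any(path == p or path.startswith(p + "/") for p in BLOCKED_PREFIXES)


def naive_proxy_allows(path):
    """Proxy rule that compares the raw request path against the deny-list.

    This is the weak behaviour: '/admin;x=1/...' is neither '/admin' nor a
    string starting with '/admin/', so the rule lets it through, while a
    backend that parses matrix parameters routes it as '/admin/...'.
    """
    return not _is_blocked(path)


def hardened_proxy_allows(path):
    """Proxy rule that filters on the normalised path instead of the raw one."""
    return not _is_blocked(normalize_path(path))


if __name__ == "__main__":
    # Constructed sample requests, including one that masks the first segment.
    for req in ("/admin/realms/master",
                "/admin;x=1/realms/master",
                "/realms/master/protocol/openid-connect/auth"):
        print(f"{req:45} backend sees {normalize_path(req):30} "
              f"naive={'allow' if naive_proxy_allows(req) else 'deny':5} "
              f"hardened={'allow' if hardened_proxy_allows(req) else 'deny'}")
```

Running the block prints the three sample paths side by side with what the backend would route and what each proxy rule decides. The normaliser deliberately percent-decodes before looking for `;` so the deny-list rejects either spelling; a production normaliser would also resolve dot-segments and collapse empty segments, and proxy-level path filtering should be treated as defence in depth rather than the only control in front of administrative endpoints.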

Packages

Name: org.keycloak:keycloak-quarkus-server (maven)
Affected versions: <= 26.2.5
Fixed version: none

EPSS

Percentile: 10%
Score: 0.00036
Low

CVSS3

3.7 Low

Weaknesses

CWE-20

Related vulnerabilities

nvd: CVSS3 3.7, 23 days ago (same description as above)
debian: CVSS3 3.7, 23 days ago (same description as above)
