Build Of Keycloak
CVE-2026-3911
LOW
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2Blast Radius
ecosystem impact- 43 maven packages depend on org.keycloak:keycloak-services (15 direct, 28 indirect)
Ecosystem-wide dependent count for version 26.5.5.
DescriptionCVE.org
A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.
AnalysisAI
A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. [CVSS 2.7 LOW]
Technical ContextAI
A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Build Of Keycloak
View allA misconfiguration flaw was found in Keycloak. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploita
Keycloak's SAML identity provider broker fails to enforce client disabled status during IdP-initiated SSO flows, allowin
Privilege escalation in Red Hat Build of Keycloak allows low-privileged authenticated users to assume the permissions of
Keycloak's IdentityBrokerService.performLogin endpoint fails to enforce disabled Identity Provider restrictions, allowin
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. Rated high severity (CVSS
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across
A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. Ra
Stored XSS in Keycloak's organization selection login page allows authenticated administrators with manage-realm or mana
Refresh token replay in Keycloak allows a remote attacker who has previously captured a user's refresh token to reuse th
Privilege escalation in Keycloak's Fine-Grained Admin Permissions v2 (FGAPv2) allows administrative users with the manag
A vulnerability was found in Keycloak. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no
An open redirect vulnerability was found in Keycloak. Rated medium severity (CVSS 6.1), this vulnerability is remotely e
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-xh32-c9wx-phrp