CNNVD-202601-2676 Information

CNNVD ID

CNNVD-202601-2676

CVE-2026-0976

  • CNNVD Published: 2026-01-15

Description (English)

Keycloak is an open-source identity and access management solution. Keycloak has an input validation vulnerability: because of improper input validation, it accepts RFC-compliant matrix parameters in URL path segments, which may allow a remote attacker to bypass proxy-level path filtering and expose administrative or sensitive endpoints.

Hazard Level

Critical

Vulnerability Type

Input validation error

Affected Vendor

Keycloak

Published

2026-01-15

Last Modified

2026-02-24

References

  • https://access.redhat.com/security/cve/CVE-2026-0976
  • https://bugzilla.redhat.com/show_bug.cgi?id=2429869
