PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-4366 Red Hat CVE debrief

A flaw was identified in Keycloak, an identity and access management solution: when processing certain client configuration requests, the server follows HTTP redirects it should not. An attacker can use this to make the server issue requests to internal or otherwise restricted resources (a server-side request forgery), including sensitive internal services such as cloud metadata endpoints. The result is information disclosure and the ability to map internal network infrastructure.

Vendor
Red Hat
Product
Red Hat build of Keycloak 26.4
CVSS
MEDIUM 5.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-18
Original CVE updated
2026-06-09
Advisory published
2026-03-18
Advisory updated
2026-06-09

Who should care

Operators of Red Hat build of Keycloak 26.4 (the affected product listed above), in particular deployments on cloud instances where the metadata endpoint is reachable from the Keycloak host, and deployments on networks where Keycloak can reach internal services that are not exposed to the outside.

Technical summary

Rated CVSS 5.8 (MEDIUM). Keycloak follows HTTP redirects while handling certain client configuration requests, so a request to an apparently legitimate URL can be redirected to an address the attacker could not reach directly, such as a link-local cloud metadata service or an internal host. The impact described is information disclosure from those services and mapping of the internal network.

Defensive priority

MEDIUM

Recommended defensive actions

  • Update to the fixed Red Hat build of Keycloak as soon as Red Hat's advisory makes it available; this is the only complete fix.
  • Limit who can submit client configuration to Keycloak, and review existing client configuration for URLs that point at unexpected hosts.
  • Restrict egress from Keycloak hosts to the destinations they actually need; in particular block or tightly scope access to the cloud metadata address (169.254.169.254) and to internal services Keycloak has no reason to call.
  • Monitor outbound requests from Keycloak: a connection from the Keycloak host to a link-local, loopback or private address outside its normal baseline is the signal this flaw produces.
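The redirect-following behaviour in the technical summary and the egress monitoring recommended above share one idea: a server-side fetch must validate every hop, and any hop that lands on a link-local or private address is the signal to block and to alert on. The example below is added here and is not Keycloak's code or Red Hat's fix. It contrasts a naive client that follows Location blindly with a hardened one that re-validates each redirect target, then runs the same address check over a constructed egress log. The hostnames, addresses and log lines are fixtures; the resolver and transport are injected so it runs offline.

```python
"""Added example, not Keycloak code: redirect-aware SSRF guard plus egress detector.
Hostnames, IPs and log lines are constructed fixtures; resolver/transport are injected."""
import ipaddress
from urllib.parse import urljoin, urlsplit

# Destinations a server-side fetch of a user-supplied URL must never reach.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16",  # link-local, includes the cloud metadata address 169.254.169.254
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
REDIRECTS = (301, 302, 303, 307, 308)


class SsrfBlocked(Exception):
    pass


def is_blocked_ip(ip):
    addr = ipaddress.ip_address(ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:169.254.169.254 is still the metadata service
    return any(addr in net for net in BLOCKED_NETWORKS)


def validate_url(url, resolver):
    """Allow only https to a name whose every resolved address is public."""
    p = urlsplit(url)
    if p.scheme != "https" or not p.hostname or p.username or p.password:
        raise SsrfBlocked(f"rejected scheme/authority: {url}")
    ips = list(resolver(p.hostname))
    if not ips or any(is_blocked_ip(ip) for ip in ips):
        raise SsrfBlocked(f"{p.hostname} resolves to {ips or 'nothing'}")


def naive_fetch(url, transport, max_redirects=5):
    """Vulnerable pattern: follows Location without re-checking the new destination."""
    for _ in range(max_redirects + 1):
        status, headers, body = transport(url)
        if status not in REDIRECTS:
            return status, body
        url = urljoin(url, headers["location"])
    raise RuntimeError("too many redirects")


def safe_fetch(url, transport, resolver, max_redirects=0):
    """Hardened pattern: validate every hop. transport(url) -> (status, headers, body).
    max_redirects=0 suits configuration fetches; a redirect there is itself a warning."""
    for _ in range(max_redirects + 1):
        validate_url(url, resolver)
        status, headers, body = transport(url)
        if status not in REDIRECTS:
            return status, body
        if "location" not in headers:
            raise SsrfBlocked("redirect without Location")
        url = urljoin(url, headers["location"])  # relative Location resolved, then re-checked
    raise SsrfBlocked("too many redirects")


# Constructed fixtures: hypothetical IdP host and a hypothetical metadata listing.
FAKE_DNS = {"idp.example.com": ["203.0.113.10"]}
META = "http://169.254.169.254/latest/meta-data/"
FAKE_WEB = {
    "https://idp.example.com/.well-known/openid-configuration": (302, {"location": META}, b""),
    META: (200, {}, b"ami-id\ninstance-id\niam/\n"),
}


def fake_resolver(host):
    try:
        return [str(ipaddress.ip_address(host))]  # an IP literal resolves to itself
    except ValueError:
        return FAKE_DNS.get(host, [])


def fake_transport(url):
    return FAKE_WEB.get(url, (404, {}, b""))


def is_safe_url(url, resolver=fake_resolver):
    try:
        validate_url(url, resolver)
        return True
    except SsrfBlocked:
        return False


def demo_fetch():
    """Returns (status the naive client got from the metadata service, whether safe_fetch refused)."""
    url = "https://idp.example.com/.well-known/openid-configuration"
    leaked_status, _ = naive_fetch(url, fake_transport)
    try:
        safe_fetch(url, fake_transport, fake_resolver, max_redirects=3)
        return leaked_status, False
    except SsrfBlocked:
        return leaked_status, True


# Detection over a constructed egress proxy log (key=value fields, hypothetical format).
EGRESS_LOG = """\
2026-03-19T10:01:02Z src=10.0.4.12 app=keycloak dst=203.0.113.10 dport=443 path=/realms/demo
2026-03-19T10:01:03Z src=10.0.4.12 app=keycloak dst=169.254.169.254 dport=80 path=/latest/meta-data/
2026-03-19T10:01:04Z src=10.0.4.12 app=keycloak dst=10.0.9.8 dport=8080 path=/actuator/env
2026-03-19T10:01:05Z src=10.0.4.12 app=keycloak dst=10.0.5.20 dport=5432 path=-
"""
EXPECTED_INTERNAL = {"10.0.5.20"}  # baseline: the IdP's own database is allowlisted


def suspicious_egress(log=EGRESS_LOG, baseline=EXPECTED_INTERNAL):
    """(dst, path) for each line where Keycloak reached a blocked range outside its baseline."""
    hits = []
    for line in log.splitlines():
        kv = dict(f.split("=", 1) for f in line.split()[1:])
        if kv.get("app") == "keycloak" and kv["dst"] not in baseline and is_blocked_ip(kv["dst"]):
            hits.append((kv["dst"], kv["path"]))
    return hits
```

In a real deployment the resolver must be the same lookup the HTTP client uses, otherwise a DNS rebinding between check and connect defeats the guard; pinning the connection to the validated address is the robust form. The detector's baseline is the key tuning knob: Keycloak legitimately talks to its database and perhaps an LDAP server on private addresses, and those belong in the allowlist so that the metadata address and unexpected internal hosts stand out.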

Evidence notes

The CVE record was published on 2026-03-18 and last modified on 2026-06-09. The Product field above lists only Red Hat build of Keycloak 26.4, while the stored evidence describes the flaw as affecting various Red Hat products, including Keycloak and JBoss Enterprise Application Platform; confirm the full affected-product list against Red Hat's advisory before scoping remediation.

Official resources

CVE-2026-4366 was published on 2026-03-18T04:17:32.450Z and was last modified on 2026-06-09T17:17:49.697Z.