CVE-2026-9689— Keycloak: org.keycloak.protocol.oidc: http parameter pollution in oidc redirect uri allows response parameter duplication - #ghi-604
Possible ATT&CK Techniques 2AI
T1528 · Steal Application Access Token T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Build of Keycloak | any | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-9689
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Keycloak: org.keycloak.protocol.oidc: http parameter pollution in oidc redirect uri allows response parameter duplication - #ghi-604
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks this link, the client application might incorrectly prioritize attacker-controlled information over legitimate data. This vulnerability, known as HTTP parameter pollution, could allow an attacker to bypass security measures or gain unauthorized access to resources.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-1288
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Red Hat | Red Hat Build of Keycloak | - | cpe:/a:redhat:build_keycloak: |
II. Public POCs for CVE-2026-9689
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-9689
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-9689 (1)
Other References for CVE-2026-9689 (1)
Same Patch Batch · Red Hat · 2026-05-27 · 5 CVEs total
| CVE-2026-3012 | 8.0 HIGH | Samba: group policy certificate enrollment uses http:// without validation |
| CVE-2026-1933 | 7.1 HIGH | Samba: missing access check on reparse point operations |
| CVE-2026-9704 | 6.8 MEDIUM | Keycloak: keycloak: privilege escalation due to oversized subject_token jwt |
| CVE-2026-2340 | 6.5 MEDIUM | Samba: vfs_worm does not block directory modification |
IV. Related Vulnerabilities
Same product: Red Hat Build of Keycloak
- CVE-2026-9803
Keycloak: keycloak: denial of service via malformed authoriz - CVE-2026-9802
Keycloak: keycloak: unauthorized account access via replayed - CVE-2026-9801
Keycloak: keycloak: denial of service via malformed ldap pas - CVE-2026-9798
Keycloak: keycloak: brute-force protection bypass in ciba fl - CVE-2026-9796
Keycloak: keycloak: privilege escalation via time-of-check t
Same vendor: Red Hat
- CVE-2026-9804
Kubevirt: kubevirt: vmexport directory symlink escape enable - CVE-2026-4408
Samba: remote code execution in samr - CVE-2026-44604
Rpm: command injection in rpmuncompress dountar() via unesca - CVE-2026-9803
Keycloak: keycloak: denial of service via malformed authoriz - CVE-2026-9802
Keycloak: keycloak: unauthorized account access via replayed
Same weakness: CWE-1288
- CVE-2022-50976
Innomic VibroLine Configurator and avibia Configurator allow - CVE-2025-10929
Reverse Proxy Header - Less critical - Access bypass - SA-CO - CVE-2025-46722
vLLM has a Weakness in MultiModalHasher Image Hashing Implem - CVE-2024-12093
Improper Validation of Consistency within Input in GitLab - CVE-2025-2885
Root metadata version not validated in tough
V. Comments for CVE-2026-9689
No comments yet