Keycloak Redirect URI Validation Bypass Vulnerability Allowing Access Token Theft

Vulnerability

A vulnerability exists in Keycloak's handling of redirect URIs that use wildcards. An attacker who controls a different path on the same web server can bypass the validation of allowed paths in redirect URIs. Exploiting this flaw could lead to the theft of an access token and, in turn, to unauthorized information disclosure.

Impact

By bypassing the redirect URI validation, an attacker could potentially steal access tokens, leading to unauthorized access to sensitive information.

Added: Apr 2, 2026, 1:50 PM
Updated: Apr 2, 2026, 1:50 PM

Vulnerability Rating (Custom Algorithm)

Category         Score
spread           5.2
impact           2.7
exploitability   5.8
remediation      0.0
relevance        5.1
threat           0.0
urgency          2.9
incentive        0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.