Vulnerability Details: CVE-2026-3911

Summary
Assigner: redhat
Assigner Org ID: 53f830b8-0a3f-465b-8143-3b8a9948e749
Published At: 11 Mar, 2026 | 05:36
Updated At: 02 Apr, 2026 | 16:47
Rejected At: -

Org.keycloak.services.resources.admin.userresource: keycloak: information disclosure of disabled user attributes via administrative endpoint

A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.

Common Vulnerabilities and Exposures (CVE) (cve.org)
CVE Numbering Authority (CNA)
Affected Products

Vendor: Red Hat, Inc. (Red Hat)
Product: Red Hat build of Keycloak 26.4
Collection URL: https://catalog.redhat.com/software/containers/
Package Name: rhbk/keycloak-operator-bundle
CPEs:
  • cpe:/a:redhat:build_keycloak:26.4::el9
Default Status: affected
Versions (unaffected):
  • From 26.4.11-1 before * (rpm)

Vendor: Red Hat, Inc. (Red Hat)
Product: Red Hat build of Keycloak 26.4
Collection URL: https://catalog.redhat.com/software/containers/
Package Name: rhbk/keycloak-rhel9
CPEs:
  • cpe:/a:redhat:build_keycloak:26.4::el9
Default Status: affected
Versions (unaffected):
  • From 26.4-14 before * (rpm)

Vendor: Red Hat, Inc. (Red Hat)
Product: Red Hat build of Keycloak 26.4
Collection URL: https://catalog.redhat.com/software/containers/
Package Name: rhbk/keycloak-rhel9-operator
CPEs:
  • cpe:/a:redhat:build_keycloak:26.4::el9
Default Status: affected
Versions (unaffected):
  • From 26.4-14 before * (rpm)

Vendor: Red Hat, Inc. (Red Hat)
Product: Red Hat build of Keycloak 26.4.11
Collection URL: https://access.redhat.com/downloads/content/package-browser/
Package Name: rhbk/keycloak-rhel9
CPEs:
  • cpe:/a:redhat:build_keycloak:26.4::el9
Default Status: unaffected
Problem Types
Type: CWE
CWE ID: CWE-359
Description: Exposure of Private Personal Information to an Unauthorized Actor
Metrics
Version: 3.1
Base score: 2.7
Base severity: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Red Hat severity rating: Low (namespace: https://access.redhat.com/security/updates/classification/)
Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Credits

Red Hat would like to thank drak3hft7 for reporting this issue.
Timeline
Reported to Red Hat: 2026-03-11 03:30:01
Made public: 2026-03-11 03:30:00
References
  • https://access.redhat.com/errata/RHSA-2026:6477 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/errata/RHSA-2026:6478 (vendor-advisory, x_refsource_REDHAT)
  • https://access.redhat.com/security/cve/CVE-2026-3911 (vdb-entry, x_refsource_REDHAT)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2446392 (issue-tracking, x_refsource_REDHAT)
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment: Information is not available yet
National Vulnerability Database (NVD) (nvd.nist.gov)
Source: secalert@redhat.com
Published At: 11 Mar, 2026 | 06:17
Updated At: 02 Apr, 2026 | 14:16

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 2.7
Base severity: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Weaknesses
CWE ID: CWE-359
Type: Secondary
Source: secalert@redhat.com
References
  • https://access.redhat.com/errata/RHSA-2026:6477 (source: secalert@redhat.com; resource: N/A)
  • https://access.redhat.com/errata/RHSA-2026:6478 (source: secalert@redhat.com; resource: N/A)
  • https://access.redhat.com/security/cve/CVE-2026-3911 (source: secalert@redhat.com; resource: N/A)
  • https://bugzilla.redhat.com/show_bug.cgi?id=2446392 (source: secalert@redhat.com; resource: N/A)

Change History (0 entries)
Information is not available yet

Similar CVEs

9 records found
CVE-2019-14825
Matching Score: 8
Assigner: Red Hat, Inc.
CVSS Score: 4.1 (MEDIUM)
EPSS: 0.15% / 35.95% (7-day change: ~0.00%)
Published: 25 Nov, 2019 | 00:00
Updated: 05 Aug, 2024 | 00:26
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry credentials to other privileged users.

Action: Not Available
Vendor: Red Hat, Inc.; The Foreman
Product: katello
CWE ID: CWE-312 (Cleartext Storage of Sensitive Information)
CVE-2025-14082
Matching Score: 8
Assigner: Red Hat, Inc.
CVSS Score: 2.7 (LOW)
EPSS: 0.01% / 2.10% (7-day change: ~0.00%)
Published: 10 Dec, 2025 | 09:04
Updated: 02 Apr, 2026 | 16:47
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Keycloak-services: keycloak admin rest api: improper access control leads to sensitive role metadata information disclosure

A flaw was found in Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint.

Action: Not Available
Vendor: Red Hat, Inc.
Product: Red Hat build of Keycloak 26.4; Red Hat build of Keycloak 26.4.11
CWE ID: CWE-284 (Improper Access Control)
CVE-2025-14083
Matching Score: 8
Assigner: Red Hat, Inc.
CVSS Score: 2.7 (LOW)
EPSS: 0.04% / 10.77% (7-day change: ~0.00%)
Published: 21 Jan, 2026 | 12:04
Updated: 02 Apr, 2026 | 16:47
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Keycloak-server: keycloak: improper access control in admin rest api leads to information disclosure

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control.

Action: Not Available
Vendor: Red Hat, Inc.
Product: Red Hat build of Keycloak 26.4; Red Hat build of Keycloak 26.4.11
CWE ID: CWE-284 (Improper Access Control)
CVE-2025-13881
Matching Score: 8
Assigner: Red Hat, Inc.
CVSS Score: 2.7 (LOW)
EPSS: 0.01% / 1.59% (7-day change: ~0.00%)
Published: 02 Feb, 2026 | 05:43
Updated: 10 Feb, 2026 | 02:15
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Org.keycloak.services.resources.admin: keycloak: limited administrator can retrieve sensitive user attributes via admin api

A flaw was found in Keycloak Admin API. This vulnerability allows an administrator with limited privileges to retrieve sensitive custom attributes via the /unmanagedAttributes endpoint, bypassing User Profile visibility settings.

Action: Not Available
Vendor: Red Hat, Inc.
Product: Red Hat build of Keycloak 26.4; Red Hat build of Keycloak 26.4.9
CWE ID: CWE-266 (Incorrect Privilege Assignment)
CVE-2024-5967
Matching Score: 8
Assigner: Red Hat, Inc.
CVSS Score: 2.7 (LOW)
EPSS: 0.13% / 32.69% (7-day change: ~0.00%)
Published: 18 Jun, 2024 | 12:05
Updated: 15 Apr, 2026 | 00:35
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Keycloak: leak of configured ldap bind credentials through the keycloak admin console

A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access (permission manage-realm) to change the LDAP host URL ("Connection URL") to a machine they control. The Keycloak server will connect to the attacker's host and try to authenticate with the configured credentials, thus leaking them to the attacker. As a consequence, an attacker who has compromised the admin console or compromised a user with sufficient privileges can leak domain credentials and attack the domain.

Action: Not Available
Vendor: Red Hat, Inc.
Product: Red Hat Single Sign-On 7.6 for RHEL 8; Red Hat Single Sign-On 7.6 for RHEL 7; RHEL-8 based Middleware Containers; Red Hat Single Sign-On 7; Red Hat Single Sign-On 7.6 for RHEL 9; Red Hat Build of Keycloak; Red Hat build of Keycloak 22
CWE ID: CWE-276 (Incorrect Default Permissions)
CVE-2025-5416
Matching Score: 8
Assigner: Red Hat, Inc.
CVSS Score: 2.7 (LOW)
EPSS: 0.25% / 47.97% (7-day change: +0.18%)
Published: 20 Jun, 2025 | 16:04
Updated: 21 Nov, 2025 | 07:36
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Keycloak-core: keycloak environment information

A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information.

Action: Not Available
Vendor: Red Hat, Inc.
Product: keycloak; Red Hat Build of Keycloak
CWE ID: CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere)
CVE-2023-5384
Matching Score: 8
Assigner: Red Hat, Inc.
CVSS Score: 7.2 (HIGH)
EPSS: 0.41% / 61.59% (7-day change: -0.11%)
Published: 18 Dec, 2023 | 13:43
Updated: 20 Nov, 2025 | 07:07
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Infinispan: credentials returned from configuration as clear text

A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.

Action: Not Available
Vendor: infinispan; Red Hat, Inc.
Product: jboss_data_grid; infinispan; data_grid; Red Hat Data Grid 8.4.6
CWE ID: CWE-312 (Cleartext Storage of Sensitive Information)
CVE-2020-14341
Matching Score: 8
Assigner: Red Hat, Inc.
CVSS Score: 2.7 (LOW)
EPSS: 0.30% / 53.21% (7-day change: ~0.00%)
Published: 12 Jan, 2021 | 14:23
Updated: 04 Aug, 2024 | 12:39
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation. By observing differences in the timings of these scans, an attacker may glean information about hosts and ports which they do not have access to scan directly.

Action: Not Available
Vendor: Red Hat, Inc.
Product: single_sign-on; Red Hat Single Sign-On
CWE ID: CWE-385 (Covert Timing Channel)
CVE-2025-6017
Matching Score: 6
Assigner: Red Hat, Inc.
CVSS Score: 5.5 (MEDIUM)
EPSS: 0.03% / 7.38% (7-day change: ~0.00%)
Published: 02 Jul, 2025 | 06:36
Updated: 20 Nov, 2025 | 21:07
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Rhacm: users with clusterreader role can see credentials from managed-clusters

A flaw was found in Red Hat Advanced Cluster Management through versions 2.10, before 2.10.7, 2.11, before 2.11.4, and 2.12, before 2.12.4. This vulnerability allows an unprivileged user to view confidential managed cluster credentials through the UI. This information should only be accessible to authorized users and may result in the loss of confidentiality of administrative information, which could be leaked to unauthorized actors.

Action: Not Available
Vendor: Red Hat, Inc.
Product: advanced_cluster_management_for_kubernetes; Red Hat Advanced Cluster Management for Kubernetes 2
CWE ID: CWE-359 (Exposure of Private Personal Information to an Unauthorized Actor)