CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-3911

A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 2.0%

CVSS Severity

CVSS v3 Score 2.7

References

https://access.redhat.com/errata/RHSA-2026:6477
https://access.redhat.com/errata/RHSA-2026:6478
https://access.redhat.com/security/cve/CVE-2026-3911
https://bugzilla.redhat.com/show_bug.cgi?id=2446392

Products affected by CVE-2026-3911

Redhat » Build Of Keycloak » Version: N/A

cpe:2.3:a:redhat:build_of_keycloak:-
Redhat » Build Of Keycloak » Version: 26.4

cpe:2.3:a:redhat:build_of_keycloak:26.4
Redhat » Build Of Keycloak » Version: 26.4.11

cpe:2.3:a:redhat:build_of_keycloak:26.4.11

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-3911

Products

Pricing

Contact Us