CVE-2026-3911

ADVISORY - github

Summary

A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.

EPSS Score: 0.00025 (0.066)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Exposure of Private Personal Information to an Unauthorized Actor

ADVISORY - github

Exposure of Private Personal Information to an Unauthorized Actor


NIST

CREATED

UPDATED

ADVISORY ID: CVE-2026-3911
EXPLOITABILITY SCORE: 1.2
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE: 2.7 (low)

GitHub

CREATED

UPDATED

EXPLOITABILITY SCORE: 1.2
EXPLOITS FOUND: -
COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE: 2.7 (low)