CVE-2026-3911

ADVISORY - github

Summary

A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this user could improperly retrieve user attributes that were configured to be hidden. This unauthorized information disclosure could expose sensitive user data.

EPSS Score⁠: 0.00025 (0.066)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-359⁠

Exposure of Private Personal Information to an Unauthorized Actor

ADVISORY - github

CWE-359⁠

Exposure of Private Personal Information to an Unauthorized Actor

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.