Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-auwb-hcuv-gygf
SummaryA flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information disclosure.
Aliases
0
alias CVE-2026-3872
1
alias GHSA-cjm2-j6cm-6p6m
Fixed_packages
0
url pkg:maven/org.keycloak/keycloak-services@26.5.7
purl pkg:maven/org.keycloak/keycloak-services@26.5.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cf37-8d6y-r3d5
1
vulnerability VCID-y1h3-yyn9-53fr
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.keycloak/keycloak-services@26.5.7
Affected_packages
References
0
reference_url https://access.redhat.com/errata/RHSA-2026:6475
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://access.redhat.com/errata/RHSA-2026:6475
1
reference_url https://access.redhat.com/errata/RHSA-2026:6476
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://access.redhat.com/errata/RHSA-2026:6476
2
reference_url https://access.redhat.com/errata/RHSA-2026:6477
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://access.redhat.com/errata/RHSA-2026:6477
3
reference_url https://access.redhat.com/errata/RHSA-2026:6478
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://access.redhat.com/errata/RHSA-2026:6478
4
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3872.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3872.json
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-3872
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01291
published_at 2026-04-21T12:55:00Z
1
value 0.00032
scoring_system epss
scoring_elements 0.09277
published_at 2026-04-18T12:55:00Z
2
value 0.00032
scoring_system epss
scoring_elements 0.09286
published_at 2026-04-07T12:55:00Z
3
value 0.00032
scoring_system epss
scoring_elements 0.09375
published_at 2026-04-04T12:55:00Z
4
value 0.00033
scoring_system epss
scoring_elements 0.09561
published_at 2026-04-08T12:55:00Z
5
value 0.00033
scoring_system epss
scoring_elements 0.09469
published_at 2026-04-16T12:55:00Z
6
value 0.00033
scoring_system epss
scoring_elements 0.09576
published_at 2026-04-13T12:55:00Z
7
value 0.00033
scoring_system epss
scoring_elements 0.09592
published_at 2026-04-12T12:55:00Z
8
value 0.00033
scoring_system epss
scoring_elements 0.09622
published_at 2026-04-11T12:55:00Z
9
value 0.00033
scoring_system epss
scoring_elements 0.09608
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-3872
6
reference_url https://github.com/keycloak/keycloak
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak
7
reference_url https://github.com/keycloak/keycloak/commit/35a71b00bc856ac402711130f60190d3a24795e7
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/commit/35a71b00bc856ac402711130f60190d3a24795e7
8
reference_url https://github.com/keycloak/keycloak/issues/47718
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/keycloak/keycloak/issues/47718
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
reference_id cpe:/a:redhat:build_keycloak:26.2::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.2::el9
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
reference_id cpe:/a:redhat:build_keycloak:26.4::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:26.4::el9
11
reference_url https://access.redhat.com/security/cve/CVE-2026-3872
reference_id CVE-2026-3872
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://access.redhat.com/security/cve/CVE-2026-3872
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-3872
reference_id CVE-2026-3872
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-3872
13
reference_url https://github.com/advisories/GHSA-cjm2-j6cm-6p6m
reference_id GHSA-cjm2-j6cm-6p6m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cjm2-j6cm-6p6m
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445988
reference_id show_bug.cgi?id=2445988
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-02T13:15:11Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2445988
Weaknesses
0
cwe_id 601
name URL Redirection to Untrusted Site ('Open Redirect')
description A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
Exploits
Severity_range_score7.0 - 8.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-auwb-hcuv-gygf