Keycloak URL Matrix Param Input Validation (CVE-2026-0976)
CVE-2026-0976 Published on January 15, 2026

Org.keycloak/keycloak-quarkus-server: keycloak: proxy bypass due to improper handling of matrix parameters in url paths
A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can craft requests to mask path segments, potentially bypassing proxy-level path filtering. This could expose administrative or sensitive endpoints that operators believe are not externally reachable.

NVD

Vulnerability Analysis

CVE-2026-0976 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
NONE

Timeline

Reported to Red Hat.

Made public.

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.


Products Associated with CVE-2026-0976

Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.

Red Hat Build Keycloak
 
Red Hat Jboss Enterprise Application Platform
 
Red Hat Jbosseapxp
 

Affected Versions

Red Hat Build of Keycloak: Red Hat JBoss Enterprise Application Platform 8: Red Hat JBoss Enterprise Application Platform 8: Red Hat JBoss Enterprise Application Platform 8: Red Hat JBoss Enterprise Application Platform Expansion Pack: Red Hat JBoss Enterprise Application Platform Expansion Pack: Red Hat JBoss Enterprise Application Platform Expansion Pack:

Exploit Probability

EPSS
0.01%
Percentile
1.49%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.