CVE-2026-37977 — A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin…
🚨 CVE-2026-37977 A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak's User-Managed Access (UMA) token endpoint. This flaw occurs because the azp claim from a client-supplied JSON Web Token (JWT) is used to se
cve-details
access.redhat.com
What This Means For You
- New vulnerability disclosed — verify if your stack is exposed.
Related ATT&CK Techniques
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-37977 | Misconfiguration | Keycloak: affected by CORS header injection when webOrigins is configured as ["*"] |
| CVE-2026-37977 | Information Disclosure | Keycloak: User-Managed Access (UMA) token endpoint reflects attacker-controlled 'azp' claim in CORS header before JWT validation, leading to exposure of low-sensitivity information from authorization server error responses. |
| CVE-2026-37977 | Code Injection | Keycloak: CORS header injection vulnerability in User-Managed Access (UMA) token endpoint due to improper validation of 'azp' claim in JWT. |
Source & Attribution
| Source Platform | Telegram |
| Channel | CVE Notify |
| Channel ID | 1129491012 |
| Message ID | 158121 |
| Published | April 06, 2026 at 12:26 UTC |
| Original Link | https://access.redhat.com/security/cve/CVE-2026-37977 |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Found this interesting? Follow us on LinkedIn to stay ahead.
Share