CVE-2026-37977 — A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin…

/HIGH
CVE Notify vulnerabilitycve
CVE-2026-37977 — A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin…

🚨 CVE-2026-37977 A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak's User-Managed Access (UMA) token endpoint. This flaw occurs because the azp claim from a client-supplied JSON Web Token (JWT) is used to se

cve-details
access.redhat.com

What This Means For You

  • New vulnerability disclosed — verify if your stack is exposed.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1566.002 Phishing: Spearphishing Link Initial Access T1078.004 Abuse Information Exposure Defense Evasion

Indicators of Compromise

IDTypeIndicator
CVE-2026-37977 Misconfiguration Keycloak: affected by CORS header injection when webOrigins is configured as ["*"]
CVE-2026-37977 Information Disclosure Keycloak: User-Managed Access (UMA) token endpoint reflects attacker-controlled 'azp' claim in CORS header before JWT validation, leading to exposure of low-sensitivity information from authorization server error responses.
CVE-2026-37977 Code Injection Keycloak: CORS header injection vulnerability in User-Managed Access (UMA) token endpoint due to improper validation of 'azp' claim in JWT.
🔎
Turn this CVE into SIEM detection coverage Generate detection rules for Splunk, Sentinel, QRadar & Elastic — straight from this vulnerability. Use /detect in the Intel Bot.
Open Intel Bot →
Source & Attribution
Source PlatformTelegram
ChannelCVE Notify
PublishedApril 06, 2026 at 12:26 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Related coverage

Divi Form Builder Privilege Escalation: Unauthenticated Admin Account Creation

CVE-2026-5118 — The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to...

vulnerabilityCVEcriticalhigh-severityprivilege-escalationcwe-269
/SCW Vulnerability Desk /CRITICAL /9.8 /⚑ 4 IOCs /⚙ 6 Sigma

CVE-2026-42396 — Insufficient Validation of Member Zone Data May Cause

CVE-2026-42396 — Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail

vulnerabilityCVEmedium-severity
/SCW Vulnerability Desk /MEDIUM /4.9 /⚑ 1 IOC /⚙ 1 Sigma

CVE-2026-42002 — Concurrency and locking defects in

CVE-2026-42002 — Concurrency and locking defects in GSS-TSIG

vulnerabilityCVEmedium-severity
/SCW Vulnerability Desk /MEDIUM /5.9 /⚑ 1 IOC /⚙ 3 Sigma