Vulnerabilities ›

CVE-2026-37980

Medium

CWE-79 — Weakness Type

                    Published: Apr 14, 2026                      ·  Modified: Apr 17, 2026                      ·  Source: NVD                

CVSS v3

6.9

🔗 NVD Official

📄 Description (English)

A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` administrative privileges can exploit a Stored Cross-Site Scripting (XSS) vulnerability. This flaw occurs because the `organization.alias` is placed into an inline JavaScript `onclick` handler, allowing a crafted JavaScript payload to execute in a user's browser when they view the login page. Successful exploitation enables arbitrary JavaScript execution, potentially leading to session theft, unauthorized account actions, or further attacks against users of the affected realm.

🤖 AI Executive Summary

CVE-2026-37980 is a Stored XSS vulnerability in Keycloak's organization selection login page where the organization.alias parameter is improperly placed in an inline JavaScript onclick handler. An attacker with administrative privileges can inject malicious JavaScript that executes in users' browsers, potentially leading to session theft and unauthorized actions.

📄 Description (Arabic)

يتعلق هذا الثغر بنقص في معالجة مدخلات معامل organization.alias في صفحة تسجيل الدخول الخاصة باختيار المنظمة في Keycloak. يسمح هذا النقص لمهاجم لديه امتيازات إدارية بحقن رمز JavaScript ضار سيتم تنفيذه في متصفح المستخدم عند زيارة صفحة تسجيل الدخول.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: Apr 14, 2026 22:08

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

Identity and Access Management Authentication Services Enterprise Software Cloud Services

🎯 MITRE ATT&CK Techniques

T1190 T1598 T1566 T1539

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Update Keycloak to the latest patched version immediately. Implement input validation and output encoding for the organization.alias parameter. Apply Content Security Policy (CSP) headers to prevent inline script execution. Restrict manage-realm and manage-organizations administrative privileges to trusted personnel only. Audit existing organizations for malicious aliases and remove any suspicious entries.

🔧 خطوات المعالجة (العربية)

قم بتحديث Keycloak إلى أحدث إصدار معدل فوراً. طبق التحقق من صحة المدخلات وترميز المخرجات لمعامل organization.alias. طبق رؤوس سياسة أمان المحتوى (CSP) لمنع تنفيذ البرامج النصية المضمنة. قيد امتيازات إدارة المجال والمنظمات للموظفين الموثوقين فقط. تدقيق المنظمات الموجودة للكشف عن الأسماء المستعارة الضارة وإزالة أي إدخالات مريبة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1 5.2 5.3

🔵 SAMA CSF

AC-2 AC-3 SI-10

🟡 ISO 27001:2022

A.5.1.1 A.5.1.2 A.14.2.1

🔗 References & Sources 2

🔗

https://access.redhat.com/security/cve/CVE-2026-37980

secalert@redhat.com

🔗

https://bugzilla.redhat.com/show_bug.cgi?id=2455325

secalert@redhat.com

📊 CVSS Score

6.9

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredH — High

User InteractionR — Required

ScopeC — Changed

ConfidentialityH — High

IntegrityL — Low / Local

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score6.9

CWECWE-79

EPSS0.05%

Exploit No

Patch ✗ No

Published 2026-04-14

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-79

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-37980

Introduce Yourself

Sign In Required