{}

{}

{}

{"acknowledgement": "This issue was discovered by \u00c0ngel Oll\u00e9 Bl\u00e1zquez (Red Hat).", "bugzilla": {"description": "rhacs: Red Hat Advanced Cluster Security (ACS): Open Redirect and Content Spoofing via OAuth callback endpoint", "id": "2452218", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452218"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-601", "details": ["A flaw was found in Red Hat Advanced Cluster Security (ACS). An unauthenticated remote attacker can exploit a vulnerability in the login interface's OAuth callback endpoint by crafting a malicious URL. This URL, containing unvalidated `error` and `error_uri` parameters, allows the attacker to display arbitrary error messages, leading to content spoofing. Furthermore, the attacker can redirect victims to malicious domains, effectively performing an open redirect under the guise of the trusted application's user interface."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-4981", "package_state": [{"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Fix deferred", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}], "public_date": "2026-03-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4981\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4981"], "statement": "This Moderate impact vulnerability in Red Hat Advanced Cluster Security (ACS) allows an unauthenticated remote attacker to perform open redirect and content spoofing. By crafting a malicious URL with unvalidated parameters in the OAuth callback endpoint, an attacker can display arbitrary error messages and redirect users to malicious domains, appearing as the trusted application UI. This primarily affects user interaction with the login interface.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "product": "advanced_cluster_security", "vendor": "redhat"}], "analysis": {"en": {"generated_at": "2026-03-28T13:36:58.614420+00:00", "value": {"mitigation_remediation": ["Verify whether Red\u00a0Hat has released a security update for ACS and apply the latest patch.", "If no patch is available, consider restricting the OAuth callback endpoint to trusted domains or disabling it until a fix is released.", "Configure a web application firewall or input validation rules to block or sanitize error and error_uri parameters from the OAuth callback URL.", "Continuously monitor authentication logs for anomalous redirect or error messages that may indicate exploitation attempts."], "summary": {"action": "Assess Impact", "impact": "Open Redirect and Content Spoofing"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Red\u00a0Hat Advanced Cluster Security, a security platform for Kubernetes environments. No specific version ranges are listed, implying that all installations of ACS could be affected until a patch is applied. Users should review the release notes from Red\u00a0Hat for a fix or consult the vendor\u2019s advisory pages.", "description_and_impact": "A flaw in the OAuth callback endpoint of Red\u00a0Hat Advanced Cluster Security (ACS) lets an unauthenticated attacker craft URLs with unvalidated error and error_uri parameters. The malicious link can cause the application to display arbitrary error messages, leading to content spoofing, and can redirect users to attacker\u2011controlled domains, effectively performing an open redirect under the trusted interface. This weakness is a classic example of CWE\u2011601 (Open Redirect). The consequences are primarily phishing or social\u2011engineering attacks rather than direct code execution, but the ability to trust the application\u2019s UI can undermine user confidence and facilitate credential theft or other downstream attacks.", "risk_and_exploitability": "The CVSS score is 5.4, which reflects moderate severity. EPSS data is not available, and the issue is not currently listed in the CISA KEV catalog. The attack requires no authentication and can be launched remotely by any user who can visit the login interface with a crafted URL, so the attack vector is network\u2011based. Due to the lack of exploit data, the likelihood is uncertain, but the moderate score and unrestricted remote access indicate a tangible risk if the system is exposed to untrusted users."}}}}, "created": "2026-03-29T20:26:38.094255+00:00", "updated": "2026-03-30T08:00:35.649629+00:00", "vendors": ["redhat", "redhat$PRODUCT$advanced_cluster_security"]}