2452218 – (CVE-2026-4981) CVE-2026-4981 rhacs: Red Hat Advanced Cluster Security (ACS): Open Redirect and Content Spoofing via OAuth callback endpoint

Bug 2452218 (CVE-2026-4981) - CVE-2026-4981 rhacs: Red Hat Advanced Cluster Security (ACS): Open Redirect and Content Spoofing via OAuth callback endpoint

Summary: CVE-2026-4981 rhacs: Red Hat Advanced Cluster Security (ACS): Open Redirect a...

Keywords:
Status:	NEW
Alias:	CVE-2026-4981
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-03-27 11:22 UTC by OSIDB Bzimport
Modified:	2026-03-27 13:22 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-03-27 11:22:15 UTC

A vulnerability in the Red Hat Advanced Cluster Security (ACS) login interface allows for Open Redirect and Content Spoofing via the OAuth callback endpoint. An unauthenticated remote attacker can craft a malicious URL containing unvalidated error and error_uri parameters, which are reflected in the login page. This allows the attacker to display arbitrary error messages and redirect victims to malicious domains under the guise of the trusted application UI.

Note You need to log in before you can comment on or make changes to this bug.