Jboss enterprise application platform

This hub aggregates every CVE we track for Jboss enterprise application platform, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.

Operating Systemson-premos

295

CVEs tracked

Critical

109

High

In CISA KEV

Severity distribution

MEDIUM123HIGH109CRITICAL42LOW21

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Jboss enterprise application platform.

CVE-2026-28369Undertow: undertow: request smuggling via malformed http request headers8.7Mar 27, 2026
CVE-2026-28367Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator8.7Mar 27, 2026
CVE-2026-28368Undertow: undertow: request smuggling via inconsistent header parsing8.7Mar 27, 2026
CVE-2026-3121Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission6.5Mar 26, 2026
CVE-2026-4874Org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulation3.1Mar 26, 2026
CVE-2026-3260Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests5.9Mar 24, 2026
CVE-2026-4366Keycloak-services: blind server-side request forgery (ssrf) via http redirect handling in keycloak5.8Mar 18, 2026
CVE-2026-27903minimatch has a ReDoS: matchOne() combinatorial backtracking via multiple non-adjacent GLOBSTAR segments7.5Feb 26, 2026
CVE-2025-12543Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf9.6Jan 7, 2026
CVE-2025-58057Netty's BrotliDecoder is vulnerable to DoS via zip bomb style attack7.5Sep 3, 2025
CVE-2025-9784Undertow: undertow madeyoureset http/2 ddos vulnerability7.5Sep 2, 2025
CVE-2025-5731Infinispan: credential leakage in infinispan cli5.5Jun 26, 2025
CVE-2025-48734Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default8.8May 28, 2025
CVE-2025-23368Org.wildfly.core:wildfly-elytron-integration: wildfly elytron brute force attack via cli8.1Mar 4, 2025
CVE-2025-23367Org.wildfly.core:wildfly-server: wildfly improper rbac permission6.5Jan 30, 2025

Product normalization is registry-driven with AI assist and human review. How it works