Red Hat JBoss Enterprise Application Platform Expansion Pack
This hub aggregates every CVE we track for Red Hat JBoss Enterprise Application Platform Expansion Pack, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 81
- Critical: 3
- High: 28
- In CISA KEV: 1
Severity distribution
- Medium: 43
- High: 28
- Low: 7
- Critical: 3
Monthly trend
2024-07 to 2026-06: 2, 1, 0, 3, 2, 2, 6, 1, 2, 1, 0, 1, 1, 0, 2, 0, 0, 1, 8, 3, 10, 1, 0, 3
Latest CVEs
The 15 most recently published vulnerabilities affecting Red Hat JBoss Enterprise Application Platform Expansion Pack.
- CVE-2026-11986: Keycloak-rest-admin-ui-ext: authorization bypass vulnerability in the admin-ui-ext bulk role-mapping-delete endpoints of keycloak (score: 4.9)
- CVE-2026-11577: Keycloak: keycloak: privilege escalation via partialimport fgap permission bypass (score: 7.2)
- CVE-2026-10805: Networkmanager: networkmanager: local privilege escalation via malformed mud urls in dhclient backend (score: 6.7)
- CVE-2026-6857: Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization (score: 7.5)
- CVE-2026-28369: Undertow: undertow: request smuggling via malformed http request headers (score: 8.7)
- CVE-2026-28367: Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator (score: 8.7)
- CVE-2026-28368: Undertow: undertow: request smuggling via inconsistent header parsing (score: 8.7)
- CVE-2026-3121: Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission (score: 6.5)
- CVE-2026-4874: Org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulation (score: 3.1)
- CVE-2026-3260: Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests (score: 5.9)
- CVE-2026-4628: Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control (score: 4.3)
- CVE-2026-4366: Keycloak-services: blind server-side request forgery (ssrf) via http redirect handling in keycloak (score: 5.8)
- CVE-2026-3429: Org.keycloak.services.resources.account: improper access control leading to mfa deletion and account takeover in keycloak account rest api (score: 4.2)
- CVE-2026-3009: Org.keycloak/keycloak-services: improper enforcement of disabled identity provider in identitybrokerservice (authentication bypass) (score: 8.1)
- CVE-2026-0871: Org.keycloak/keycloak-services: keycloak: unauthorized modification of unmanaged user attributes by administrators (score: 4.9)
Product normalization is registry-driven with AI assist and human review.