Red Hat build of Keycloak 26.2
This hub aggregates every CVE we track for Red Hat build of Keycloak 26.2. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 25
- Critical: 0
- High: 14
- In CISA KEV: 0
Severity distribution
- High: 14
- Medium: 10
- Low: 1
Monthly trend
Counts per month, 2024-07 through 2026-06, in order: 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 2, 2, 1, 3, 1, 1, 0, 3, 3, 5, 3, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Red Hat build of Keycloak 26.2.
- CVE-2026-7507: Org.keycloak/keycloak-services: session fixation in oidc login flow that can lead to account takeover (score: 7.5)
- CVE-2026-7504: Org.keycloak/keycloak-services: open redirect when using wildcard valid redirect uris in keycloak (score: 8.1)
- CVE-2026-7307: Keycloak: keycloak: denial of service via specially crafted saml input (score: 7.5)
- CVE-2026-4636: Keycloak: keycloak: uma policy bypass allows authenticated users to gain unauthorized access to victim-owned resources (score: 8.1)
- CVE-2026-4634: Keycloak: keycloak: denial of service via excessive processing of openid connect scope parameters (score: 7.5)
- CVE-2026-4282: Keycloak: keycloak: privilege escalation via forged authorization codes due to singleuseobjectprovider isolation flaw (score: 7.4)
- CVE-2026-4325: Keycloak: keycloak: replay of action tokens via improper handling of single-use entries (score: 5.3)
- CVE-2026-3872: Keycloak: keycloak: information disclosure due to redirect_uri validation bypass (score: 7.3)
- CVE-2026-2603: Keycloak: keycloak: unauthorized authentication via disabled saml identity provider (score: 8.1)
- CVE-2026-2092: Keycloak-services: keycloak: unauthorized access via improper validation of encrypted saml assertions (score: 7.7)
- CVE-2026-3047: Org.keycloak.broker.saml: keycloak saml broker: authentication bypass due to disabled saml client completing idp-initiated login (score: 8.8)
- CVE-2025-12150: Org.keycloak/keycloak-services: webauthn attestation statement verification bypass (score: 3.1)
- CVE-2025-14778: Keycloak: incorrect ownership checks in /uma-policy/ (score: 5.4)
- CVE-2026-1529: Org.keycloak.services.resources.organizations: keycloak: unauthorized organization registration via improper invitation token validation (score: 8.1)
- CVE-2025-11419: Keycloak: keycloak tls client-initiated renegotiation denial of service (score: 7.5)
Product normalization is registry-driven with AI assist and human review.