Red Hat build of Keycloak 26.4
This hub aggregates every CVE we track for Red Hat build of Keycloak 26.4, a product in the web CMS plugins space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 45
- Critical: 0
- High: 14
- In CISA KEV: 0
Severity distribution
- MEDIUM: 21
- HIGH: 14
- LOW: 10
Monthly trend
2024-07 to 2026-06: 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 2, 2, 6, 7, 11, 5, 9, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Red Hat build of Keycloak 26.4.
- CVE-2026-7571: Keycloak: keycloak: access token disclosure and implicit flow bypass via forged client data (score: 7.1)
- CVE-2026-7507: Org.keycloak/keycloak-services: session fixation in oidc login flow that can lead to account takeover (score: 7.5)
- CVE-2026-7504: Org.keycloak/keycloak-services: open redirect when using wildcard valid redirect uris in keycloak (score: 8.1)
- CVE-2026-37982: Keycloak: org.keycloak.authentication: keycloak: unauthorized account takeover via webauthn token replay (score: 6.8)
- CVE-2026-37979: Keycloak: keycloak: information disclosure via oidc token introspection endpoint audience bypass (score: 6.5)
- CVE-2026-37978: Keycloak: org.keycloak.services: keycloak: information disclosure via evaluate-scopes admin api (score: 4.9)
- CVE-2026-7307: Keycloak: keycloak: denial of service via specially crafted saml input (score: 7.5)
- CVE-2026-37981: Keycloak: org.keycloak.authorization: keycloak: information disclosure via broken access control in user lookup endpoint (score: 4.3)
- CVE-2026-4630: Keycloak: keycloak: unauthorized resource access and data modification via insecure direct object reference (score: 6.8)
- CVE-2026-4636: Keycloak: keycloak: uma policy bypass allows authenticated users to gain unauthorized access to victim-owned resources. (score: 8.1)
- CVE-2026-4634: Keycloak: keycloak: denial of service via excessive processing of openid connect scope parameters (score: 7.5)
- CVE-2026-4282: Keycloak: keycloak: privilege escalation via forged authorization codes due to singleuseobjectprovider isolation flaw (score: 7.4)
- CVE-2026-4325: Keycloak: keycloak: replay of action tokens via improper handling of single-use entries (score: 5.3)
- CVE-2026-3872: Keycloak: keycloak: information disclosure due to redirect_uri validation bypass (score: 7.3)
- CVE-2026-3121: Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission (score: 6.5)
Product normalization is registry-driven with AI assist and human review.