Build of keycloak
This hub aggregates every CVE we track for Build of keycloak, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 53
- Critical: 0
- High: 12
- In CISA KEV: 0
Severity distribution
- MEDIUM: 36
- HIGH: 12
- LOW: 5
Monthly trend
2024-07 to 2026-06: 0, 1, 5, 1, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0, 2, 8, 8, 24, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Build of keycloak.
- CVE-2026-9802: Keycloak: keycloak: unauthorized account access via replayed refresh tokens after cluster restart (6.8)
- CVE-2026-9803: Keycloak: keycloak: denial of service via malformed authorization header (5.3)
- CVE-2026-9801: Keycloak: keycloak: denial of service via malformed ldap password policy response (4.9)
- CVE-2026-9798: Keycloak: keycloak: brute-force protection bypass in ciba flow (4.3)
- CVE-2026-9796: Keycloak: keycloak: privilege escalation via time-of-check to time-of-use (toctou) vulnerability (6.5)
- CVE-2026-9795: Keycloak: keycloak: privilege escalation via improper scope mapping enforcement (7.3)
- CVE-2026-9794: Keycloak: keycloak: information disclosure via saml ecp endpoint (5.3)
- CVE-2026-9792: Keycloak: keycloak: security restriction bypass allows unauthorized ropc token acquisition (6.5)
- CVE-2026-9793: Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing (5.9)
- CVE-2026-9791: Keycloak-rhel9: organization data leak after feature disabled in keycloak (4.3)
- CVE-2026-9704: Keycloak: keycloak: privilege escalation due to oversized subject_token jwt (6.8)
- CVE-2026-9689: Keycloak: org.keycloak.protocol.oidc: http parameter pollution in oidc redirect uri allows response parameter duplication - #ghi-604 (4.2)
- CVE-2026-9087: Keycloak: cross-session email verification proof not bound to upstream identity in first-broker-login (6.4)
- CVE-2026-7571: Keycloak: keycloak: access token disclosure and implicit flow bypass via forged client data (7.1)
- CVE-2026-7507: Org.keycloak/keycloak-services: session fixation in oidc login flow that can lead to account takeover (7.5)
Product normalization is registry-driven with AI assist and human review.