Single sign-on

This hub aggregates every CVE we track for Single sign-on, a product in the security products space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Single sign-on.

• CVE-2026-28369Undertow: undertow: request smuggling via malformed http request headers8.7Mar 27, 2026
• CVE-2026-28367Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator8.7Mar 27, 2026
• CVE-2026-28368Undertow: undertow: request smuggling via inconsistent header parsing8.7Mar 27, 2026
• CVE-2026-3121Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission6.5Mar 26, 2026
• CVE-2026-4874Org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulation3.1Mar 26, 2026
• CVE-2026-3260Undertow: undertow: denial of service due to premature multipart/form-data parsing in get requests5.9Mar 24, 2026
• CVE-2026-4366Keycloak-services: blind server-side request forgery (ssrf) via http redirect handling in keycloak5.8Mar 18, 2026
• CVE-2025-9784Undertow: undertow madeyoureset http/2 ddos vulnerability7.5Sep 2, 2025
• CVE-2023-1932Hibernate-validator: rendering of invalid html with safehtml leads to html injection and xss6.1Nov 7, 2024
• CVE-2024-8883Keycloak: vulnerable redirect uri validation results in open redirec6.1Sep 19, 2024
• CVE-2023-6841Keycloak: amount of attributes per object is not limited and it may lead to dos7.5Sep 10, 2024
• CVE-2024-7341Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters7.1Sep 9, 2024
• CVE-2024-4629Keycloak: potential bypass of brute force protection6.5Sep 3, 2024
• CVE-2024-7885Undertow: improper state management in proxy protocol parsing causes information leakage7.5Aug 21, 2024
• CVE-2024-1132Keycloak: path transversal in redirection validation8.1Apr 17, 2024