Red Hat Build of Keycloak — Vulnerabilities & Security Advisories (11)

All 11 CVE vulnerabilities found in Red Hat Build of Keycloak, with AI-generated Chinese analysis, references, and POCs.

Vendor: Red Hat

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-7500 | Org.keycloak.keycloak-services: improper access control on keycloak server when the account account api feature is disabled | CWE-425 | 5.4 | Medium | 2026-04-30 |
| CVE-2026-37980 | Org.keycloak.forms.login: keycloak: keycloak: arbitrary code execution via stored cross-site scripting (xss) in organization selection login page | CWE-79 | 6.9 | Medium | 2026-04-14 |
| CVE-2026-37977 | Keycloak: org.keycloak.protocol.oidc.grants.ciba: keycloak: information disclosure via cors header injection due to unvalidated jwt azp claim | CWE-346 | 3.7 | Low | 2026-04-06 |
| CVE-2026-4874 | Org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulation | CWE-918 | 3.1 | Low | 2026-03-26 |
| CVE-2026-4633 | Keycloak: keycloak: user enumeration via differential error messages | CWE-209 | 3.7 | Low | 2026-03-23 |
| CVE-2026-4628 | Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control | CWE-284 | 4.3 | Medium | 2026-03-23 |
| CVE-2026-4366 | Keycloak-services: blind server-side request forgery (ssrf) via http redirect handling in keycloak | CWE-918 | 5.8 | Medium | 2026-03-18 |
| CVE-2025-11537 | Keycloak-server: sensitive headers shown in the http access logs | CWE-117 | 5.0 | Medium | 2026-02-10 |
| CVE-2026-1518 | Keycloak: blind server-side request forgery (ssrf) via ciba backchannel notification endpoint in keycloak | CWE-918 | 2.7 | Low | 2026-02-02 |
| CVE-2026-0976 | Org.keycloak/keycloak-quarkus-server: keycloak: proxy bypass due to improper handling of matrix parameters in url paths | CWE-20 | 3.7 | Low | 2026-01-15 |
| CVE-2025-5416 | Keycloak-core: keycloak environment information | CWE-497 | 2.7 | Low | 2025-06-20 |