Red Hat Build of Keycloak 产品漏洞列表 / CVE 中文分析 11

Red Hat Build of Keycloak 产品相关 11 条漏洞，AI 中文标题与摘要、CVSS、POC 一站汇总。

ベンダー: Red Hat

CVE ID	タイトル	CVSS	深刻度	公開日
CVE-2026-7500	Org.keycloak.keycloak-services: improper access control on keycloak server when the account account api feature is disabled CWE-425	5.4	Medium	2026-04-30
CVE-2026-37980	Org.keycloak.forms.login: keycloak: keycloak: arbitrary code execution via stored cross-site scripting (xss) in organization selection login page CWE-79	6.9	Medium	2026-04-14
CVE-2026-37977	Keycloak: org.keycloak.protocol.oidc.grants.ciba: keycloak: information disclosure via cors header injection due to unvalidated jwt azp claim CWE-346	3.7	Low	2026-04-06
CVE-2026-4874	Org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulation CWE-918	3.1	Low	2026-03-26
CVE-2026-4633	Keycloak: keycloak: user enumeration via differential error messages CWE-209	3.7	Low	2026-03-23
CVE-2026-4628	Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control CWE-284	4.3	Medium	2026-03-23
CVE-2026-4366	Keycloak-services: blind server-side request forgery (ssrf) via http redirect handling in keycloak CWE-918	5.8	Medium	2026-03-18
CVE-2025-11537	Keycloak-server: sensitive headers shown in the http access logs CWE-117	5.0	Medium	2026-02-10
CVE-2026-1518	Keycloak: blind server-side request forgery (ssrf) via ciba backchannel notification endpoint in keycloak CWE-918	2.7	Low	2026-02-02
CVE-2026-0976	Org.keycloak/keycloak-quarkus-server: keycloak: proxy bypass due to improper handling of matrix parameters in url paths CWE-20	3.7	Low	2026-01-15
CVE-2025-5416	Keycloak-core: keycloak environment information CWE-497	2.7	Low	2025-06-20

Red Hat Build of Keycloak 产品累计公开 11 条 CVE 漏洞，本页提供按时间倒序的完整列表，包含 CVSS、CWE、AI 中文摘要与可获取的 POC 链接。