
Red Hat build of Keycloak 26.2 — Vulnerabilities & Security Advisories 13

All 13 CVE vulnerabilities found in Red Hat build of Keycloak 26.2, with AI-generated Chinese analysis, references, and POCs.

This page documents the security vulnerabilities reported against the Red Hat build of Keycloak 26.2, categorized by Common Weakness Enumeration (CWE) type and affected component. It aggregates publicly disclosed issues and internal tracking data for this enterprise identity and access management product, covering vulnerabilities identified from the initial release of version 26.2 up to the present date, so that the record is a complete history of security events for the version. Each entry gives the advisory timeline, so administrators can track vendor responses and patch availability, together with context on the weakness class involved (for example authentication bypasses or configuration errors). The complete vulnerability history can be used to assess risk exposure and prioritize remediation. By consolidating separate security reports, the page serves as a single reference for administrators and security analysts maintaining the integrity of a deployment, and is intended to support decisions about updates and mitigations without further research. All data points are derived from verified sources and official vendor communications.

Vendor: Red Hat

CVE ID | Title | CWE | CVSS | Severity | Published
CVE-2026-7507 | org.keycloak/keycloak-services: Session fixation in OIDC login flow that can lead to account takeover | CWE-290 | 7.5 | High | 2026-05-19
CVE-2026-7504 | org.keycloak/keycloak-services: Open redirect when using wildcard valid redirect URIs in Keycloak | CWE-601 | 8.1 | High | 2026-05-19
CVE-2026-7307 | Keycloak: Denial of service via specially crafted SAML input | CWE-1286 | 7.5 | High | 2026-05-19
CVE-2026-4636 | Keycloak: UMA policy bypass allows authenticated users to gain unauthorized access to victim-owned resources | CWE-551 | 8.1 | High | 2026-04-02
CVE-2026-4282 | Keycloak: Privilege escalation via forged authorization codes due to SingleUseObjectProvider isolation flaw | CWE-653 | 7.4 | High | 2026-04-02
CVE-2026-4325 | Keycloak: Replay of action tokens via improper handling of single-use entries | CWE-653 | 5.3 | Medium | 2026-04-02
CVE-2026-4634 | Keycloak: Denial of service via excessive processing of OpenID Connect scope parameters | CWE-1050 | 7.5 | High | 2026-04-02
CVE-2026-3872 | Keycloak: Information disclosure due to redirect_uri validation bypass | CWE-601 | 7.3 | High | 2026-04-02
CVE-2026-2603 | Keycloak: Unauthorized authentication via disabled SAML identity provider | CWE-306 | 8.1 | High | 2026-03-18
CVE-2026-2092 | keycloak-services: Unauthorized access via improper validation of encrypted SAML assertions | CWE-1287 | 7.7 | High | 2026-03-18
CVE-2026-3047 | org.keycloak.broker.saml (Keycloak SAML broker): Authentication bypass due to disabled SAML client completing IdP-initiated login | CWE-305 | 8.8 | High | 2026-03-05
CVE-2025-14778 | Keycloak: Incorrect ownership checks in /uma-policy/ | CWE-266 | 5.4 | Medium | 2026-02-09
CVE-2026-1529 | org.keycloak.services.resources.organizations: Unauthorized organization registration via improper invitation token validation | CWE-347 | 8.1 | High | 2026-02-09
