
Red Hat — Vulnerabilities & Security Advisories 694

Browse all 694 CVE security advisories affecting Red Hat. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Red Hat operates primarily as a provider of open-source enterprise software solutions, most notably its Linux operating system and container platforms. With 688 recorded Common Vulnerabilities and Exposures, the organization’s historical attack surface frequently involves remote code execution, cross-site scripting, and privilege escalation flaws within its middleware and management tools. These vulnerabilities often stem from complex codebases and third-party dependencies integrated into its distribution. Security characteristics are defined by a rigorous patching lifecycle and the Red Hat Security Response Team, which issues timely advisories for critical issues. While major public breaches directly attributed to Red Hat core infrastructure are rare, individual component flaws have occasionally allowed attackers to gain unauthorized access or execute arbitrary commands. The company maintains a strong reputation for transparency, providing detailed technical guidance to help administrators mitigate risks associated with its widely deployed enterprise technologies.

Found 19 results / 694

CVE ID | Title | CWE | CVSS | Severity | Published
CVE-2026-3121 | Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission — Red Hat build of Keycloak 26.4 | CWE-266 | 6.5 | Medium | 2026-03-26
CVE-2026-3190 | Keycloak: keycloak: information disclosure via improper role enforcement in UMA 2.0 Protection API — Red Hat build of Keycloak 26.4 | CWE-280 | 4.3 | Medium | 2026-03-26
CVE-2026-2575 | Keycloak: keycloak: denial of service due to excessive SAMLRequest decompression — Red Hat build of Keycloak 26.4 | CWE-409 | 5.3 | Medium | 2026-03-18
CVE-2026-2366 | Keycloak: keycloak: information disclosure via authorization bypass in Admin API — Red Hat build of Keycloak 26.4 | CWE-639 | 3.1 | Low | 2026-03-12
CVE-2026-3429 | org.keycloak.services.resources.account: improper access control leading to MFA deletion and account takeover in Keycloak Account REST API — Red Hat build of Keycloak 26.4 | CWE-284 | 4.2 | Medium | 2026-03-11
CVE-2026-3911 | org.keycloak.services.resources.admin.UserResource: keycloak: information disclosure of disabled user attributes via administrative endpoint — Red Hat build of Keycloak 26.4 | CWE-359 | 2.7 | Low | 2026-03-11
CVE-2026-3009 | org.keycloak/keycloak-services: improper enforcement of disabled identity provider in IdentityBrokerService (authentication bypass) — Red Hat build of Keycloak 26.4 | CWE-863 | 8.1 | High | 2026-03-05
CVE-2026-0871 | org.keycloak/keycloak-services: keycloak: unauthorized modification of unmanaged user attributes by administrators — Red Hat build of Keycloak 26.4 | CWE-266 | 4.9 | Medium | 2026-02-27
CVE-2026-2733 | org.keycloak/keycloak-services: keycloak: missing check on disabled client for Docker registry protocol — Red Hat build of Keycloak 26.4 | CWE-285 | 3.8 | Low | 2026-02-19
CVE-2026-1486 | org.keycloak.protocol.oidc.grants: disabled identity providers are still accepted for JWT authorization grant — Red Hat build of Keycloak 26.4 | CWE-358 | 8.8 | High | 2026-02-09
CVE-2025-13881 | org.keycloak.services.resources.admin: keycloak: limited administrator can retrieve sensitive user attributes via Admin API — Red Hat build of Keycloak 26.4 | CWE-266 | 2.7 | Low | 2026-02-02
CVE-2026-1190 | org.keycloak/keycloak-services: keycloak SAML brokering: response delay due to unchecked NotOnOrAfter in SubjectConfirmationData — Red Hat build of Keycloak 26.4 | CWE-112 | 3.1 | Low | 2026-01-26
CVE-2025-14083 | keycloak-server: keycloak: improper access control in Admin REST API leads to information disclosure — Red Hat build of Keycloak 26.4 | CWE-284 | 2.7 | Low | 2026-01-21
CVE-2025-14559 | org.keycloak/keycloak-services: keycloak keycloak-services: business logic flaw allows unauthorized token issuance for disabled users — Red Hat build of Keycloak 26.4 | CWE-840 | 6.5 | Medium | 2026-01-21
CVE-2026-1035 | org.keycloak.protocol.oidc: keycloak refresh token reuse bypass via TOCTOU race condition — Red Hat build of Keycloak 26.4 | CWE-367 | 3.1 | Low | 2026-01-21
CVE-2026-1180 | org.keycloak.protocol.oidc: blind server-side request forgery (SSRF) in Keycloak OIDC dynamic client registration via jwks_uri — Red Hat build of Keycloak 26.4 | CWE-918 | 5.8 | Medium | 2026-01-20
CVE-2026-0707 | Keycloak: keycloak Authorization header parsing leading to potential security control bypass — Red Hat build of Keycloak 26.4 | CWE-551 | 5.3 | Medium | 2026-01-08
CVE-2025-14777 | Keycloak: keycloak IDOR in realm client creating/deleting — Red Hat build of Keycloak 26.4 | CWE-289 | 6.0 | Medium | 2025-12-16
CVE-2025-14082 | keycloak-services: keycloak Admin REST API: improper access control leads to sensitive role metadata information disclosure — Red Hat build of Keycloak 26.4 | CWE-284 | 2.7 | Low | 2025-12-10

This page lists every published CVE security advisory associated with Red Hat. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.