Red Hat build of Keycloak 26.2
This hub aggregates every CVE we track for Red Hat build of Keycloak 26.2, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 25
- Critical: 0
- High: 14
- In CISA KEV: 0
Severity distribution
- HIGH: 14
- MEDIUM: 10
- LOW: 1
Monthly trend
CVEs published per month, 2024-08 through 2026-07 (in order): 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 2, 2, 1, 3, 1, 1, 0, 3, 3, 5, 3, 0, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Red Hat build of Keycloak 26.2.
- CVE-2026-7507: org.keycloak/keycloak-services: session fixation in OIDC login flow that can lead to account takeover (score 7.5)
- CVE-2026-7504: org.keycloak/keycloak-services: open redirect when using wildcard valid redirect URIs in Keycloak (score 8.1)
- CVE-2026-7307: Keycloak: keycloak: denial of service via specially crafted SAML input (score 7.5)
- CVE-2026-4636: Keycloak: keycloak: UMA policy bypass allows authenticated users to gain unauthorized access to victim-owned resources (score 8.1)
- CVE-2026-4634: Keycloak: keycloak: denial of service via excessive processing of OpenID Connect scope parameters (score 7.5)
- CVE-2026-4325: Keycloak: keycloak: replay of action tokens via improper handling of single-use entries (score 5.3)
- CVE-2026-4282: Keycloak: keycloak: privilege escalation via forged authorization codes due to SingleUseObjectProvider isolation flaw (score 7.4)
- CVE-2026-3872: Keycloak: keycloak: information disclosure due to redirect_uri validation bypass (score 7.3)
- CVE-2026-2603: Keycloak: keycloak: unauthorized authentication via disabled SAML identity provider (score 8.1)
- CVE-2026-2092: keycloak-services: keycloak: unauthorized access via improper validation of encrypted SAML assertions (score 7.7)
- CVE-2026-3047: org.keycloak.broker.saml: Keycloak SAML broker: authentication bypass due to disabled SAML client completing IdP-initiated login (score 8.8)
- CVE-2025-12150: org.keycloak/keycloak-services: WebAuthn attestation statement verification bypass (score 3.1)
- CVE-2025-14778: Keycloak: incorrect ownership checks in /uma-policy/ (score 5.4)
- CVE-2026-1529: org.keycloak.services.resources.organizations: keycloak: unauthorized organization registration via improper invitation token validation (score 8.1)
- CVE-2025-11419: Keycloak: keycloak TLS client-initiated renegotiation denial of service (score 7.5)
Product normalization is registry-driven with AI assist and human review.