Known Vulnerabilities for Keycloak by Red Hat Inc.
Listed below are 10 of the newest known vulnerabilities associated with "Keycloak" by "Red Hat Inc.".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-53913 json | Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely ('Failing Open') vulnerability in... | Not Provided | 2026-07-06 | 2026-07-07 |
| CVE-2026-48726 json | A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout ... | Not Provided | 2026-06-01 | 2026-06-02 |
| CVE-2026-46455 json | Insufficient Session Expiration vulnerability in Apache Camel Keycloak Component. The camel-keycloak security helper Keycloa... | Not Provided | 2026-07-06 | 2026-07-06 |
| CVE-2026-46389 json | UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's ... | Not Provided | 2026-06-05 | 2026-06-05 |
| CVE-2026-41166 json | OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `write:admin` in one Keyclo... | Not Provided | 2026-04-22 | 2026-04-23 |
| CVE-2026-40948 json | The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `state`... | Not Provided | 2026-04-18 | 2026-04-20 |
| CVE-2026-37982 json | A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay `ExecuteActionsActionToken... | Not Provided | 2026-05-19 | 2026-05-20 |
| CVE-2026-37981 json | A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a re... | Not Provided | 2026-05-19 | 2026-05-20 |
| CVE-2026-37980 json | A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or... | Not Provided | 2026-04-14 | 2026-04-14 |
| CVE-2026-37979 json | A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect (OIDC) token introspection endpo... | Not Provided | 2026-05-19 | 2026-05-20 |