Known Vulnerabilities for Keycloak by Redhat
Listed below are 10 of the newest known vulnerabilities associated with "Keycloak" by "Redhat".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-48726 json | A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout ... | Not Provided | 2026-06-01 | 2026-06-01 |
| CVE-2026-41166 json | OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.1, a user who has `write:admin` in one Keyclo... | Not Provided | 2026-04-22 | 2026-04-23 |
| CVE-2026-40948 json | The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `state`... | Not Provided | 2026-04-18 | 2026-04-20 |
| CVE-2026-37982 json | A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay `ExecuteActionsActionToken... | Not Provided | 2026-05-19 | 2026-05-20 |
| CVE-2026-37981 json | A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a re... | Not Provided | 2026-05-19 | 2026-05-20 |
| CVE-2026-37980 json | A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or... | Not Provided | 2026-04-14 | 2026-04-14 |
| CVE-2026-37979 json | A flaw was found in Keycloak. This access control vulnerability in Keycloak's OpenID Connect (OIDC) token introspection endpo... | Not Provided | 2026-05-19 | 2026-05-20 |
| CVE-2026-37978 json | A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'ev... | Not Provided | 2026-05-19 | 2026-05-20 |
| CVE-2026-37977 json | A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerabi... | Not Provided | 2026-04-06 | 2026-04-06 |
| CVE-2026-33585 json | Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker t... | Not Provided | 2026-05-13 | 2026-05-13 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Keycloak | 9.0.2 | |||
| Application | Redhat | Keycloak | 9.0.1 | |||
| Application | Redhat | Keycloak | 9.0.0 | |||
| Application | Redhat | Keycloak | 8.0.2 | |||
| Application | Redhat | Keycloak | 8.0.0 | |||
| Application | Redhat | Keycloak | 7.0.1 | |||
| Application | Redhat | Keycloak | 7.0.0 | |||
| Application | Redhat | Keycloak | 6.0.2 | |||
| Application | Redhat | Keycloak | 6.0.1 | |||
| Application | Redhat | Keycloak | 6.0.0 | |||
| Application | Redhat | Keycloak | 5.0.0 | |||
| Application | Redhat | Keycloak | 4.8.0 | |||
| Application | Redhat | Keycloak | 4.7.0 | |||
| Application | Redhat | Keycloak | 4.6.0 | |||
| Application | Redhat | Keycloak | 4.5.0 | |||
| Application | Redhat | Keycloak | 4.4.0 | |||
| Application | Redhat | Keycloak | 4.3.0 | |||
| Application | Redhat | Keycloak | 4.2.1 | |||
| Application | Redhat | Keycloak | 4.2.0 | |||
| Application | Redhat | Keycloak | 4.1.0 |