Known Vulnerabilities for Keycloak by Redhat
Listed below are 10 of the newest known vulnerabilities associated with "Keycloak" by "Redhat".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40948 | The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `state`... | Not Provided | 2026-04-18 | 2026-04-20 |
| CVE-2026-37980 | A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or... | Not Provided | 2026-04-14 | 2026-04-14 |
| CVE-2026-37977 | A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerabi... | Not Provided | 2026-04-06 | 2026-04-06 |
| CVE-2026-4874 | A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `c... | Not Provided | 2026-03-26 | 2026-04-01 |
| CVE-2026-4636 | A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy ... | Not Provided | 2026-04-02 | 2026-04-02 |
| CVE-2026-4634 | A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST ... | Not Provided | 2026-04-02 | 2026-04-03 |
| CVE-2026-4633 | A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow ... | Not Provided | 2026-03-23 | 2026-04-01 |
| CVE-2026-4628 | A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set... | Not Provided | 2026-03-23 | 2026-03-25 |
| CVE-2026-4366 | A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects whe... | Not Provided | 2026-03-18 | 2026-03-18 |
| CVE-2026-4325 | A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolatio... | Not Provided | 2026-04-02 | 2026-04-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Keycloak | 9.0.2 | |||
| Application | Redhat | Keycloak | 9.0.1 | |||
| Application | Redhat | Keycloak | 9.0.0 | |||
| Application | Redhat | Keycloak | 8.0.2 | |||
| Application | Redhat | Keycloak | 8.0.0 | |||
| Application | Redhat | Keycloak | 7.0.1 | |||
| Application | Redhat | Keycloak | 7.0.0 | |||
| Application | Redhat | Keycloak | 6.0.2 | |||
| Application | Redhat | Keycloak | 6.0.1 | |||
| Application | Redhat | Keycloak | 6.0.0 | |||
| Application | Redhat | Keycloak | 5.0.0 | |||
| Application | Redhat | Keycloak | 4.8.0 | |||
| Application | Redhat | Keycloak | 4.7.0 | |||
| Application | Redhat | Keycloak | 4.6.0 | |||
| Application | Redhat | Keycloak | 4.5.0 | |||
| Application | Redhat | Keycloak | 4.4.0 | |||
| Application | Redhat | Keycloak | 4.3.0 | |||
| Application | Redhat | Keycloak | 4.2.1 | |||
| Application | Redhat | Keycloak | 4.2.0 | |||
| Application | Redhat | Keycloak | 4.1.0 | |||