Known Vulnerabilities for Keycloak by Redhat
Listed below are 10 of the newest known vulnerabilities associated with "Keycloak" by "Redhat".
These CVEs are retrieved by exact match against the listed software, hardware, and vendor information (CPE data) and by keyword search, so that the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-4874 | A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `c... | Not Provided | 2026-03-26 | 2026-04-01 |
| CVE-2026-4633 | A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow ... | Not Provided | 2026-03-23 | 2026-04-01 |
| CVE-2026-4628 | A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak’s User-Managed Access (UMA) resource_set... | Not Provided | 2026-03-23 | 2026-03-25 |
| CVE-2026-4366 | A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects whe... | Not Provided | 2026-03-18 | 2026-03-18 |
| CVE-2026-3190 | A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enfor... | Not Provided | 2026-03-26 | 2026-03-27 |
| CVE-2026-3121 | A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this per... | Not Provided | 2026-03-26 | 2026-04-01 |
| CVE-2022-0225 | A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while cre... | 5.4 - MEDIUM | 2022-08-26 | 2022-09-01 |
| CVE-2021-20222 | A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be executed using the referrer ... | 7.5 - HIGH | 2021-03-23 | 2022-10-21 |
| CVE-2021-20202 | A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, ... | 7.3 - HIGH | 2021-05-12 | 2021-05-17 |
| CVE-2021-20195 | A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account take... | 9.6 - CRITICAL | 2021-05-28 | 2022-08-05 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Keycloak | 9.0.2 | All | All | All |
| Application | Redhat | Keycloak | 9.0.1 | All | All | All |
| Application | Redhat | Keycloak | 9.0.0 | All | All | All |
| Application | Redhat | Keycloak | 8.0.2 | All | All | All |
| Application | Redhat | Keycloak | 8.0.0 | All | All | All |
| Application | Redhat | Keycloak | 7.0.1 | All | All | All |
| Application | Redhat | Keycloak | 7.0.0 | All | All | All |
| Application | Redhat | Keycloak | 6.0.2 | All | All | All |
| Application | Redhat | Keycloak | 6.0.1 | All | All | All |
| Application | Redhat | Keycloak | 6.0.0 | All | All | All |
| Application | Redhat | Keycloak | 5.0.0 | All | All | All |
| Application | Redhat | Keycloak | 4.8.0 | All | All | All |
| Application | Redhat | Keycloak | 4.7.0 | All | All | All |
| Application | Redhat | Keycloak | 4.6.0 | All | All | All |
| Application | Redhat | Keycloak | 4.5.0 | All | All | All |
| Application | Redhat | Keycloak | 4.4.0 | All | All | All |
| Application | Redhat | Keycloak | 4.3.0 | All | All | All |
| Application | Redhat | Keycloak | 4.2.1 | All | All | All |
| Application | Redhat | Keycloak | 4.2.0 | All | All | All |
| Application | Redhat | Keycloak | 4.1.0 | All | All | All |