Known Vulnerabilities for products from Keycloak
Listed below are 7 of the newest known vulnerabilities associated with the vendor "Keycloak".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-53913 json | Not Provided | 2026-07-06 | 2026-07-07 | |
| CVE-2026-48726 json | Not Provided | 2026-06-01 | 2026-06-02 | |
| CVE-2026-46455 json | Not Provided | 2026-07-06 | 2026-07-06 | |
| CVE-2026-46389 json | Not Provided | 2026-06-05 | 2026-06-05 | |
| CVE-2026-41166 json | Not Provided | 2026-04-22 | 2026-04-23 | |
| CVE-2026-40948 json | Not Provided | 2026-04-18 | 2026-04-20 | |
| CVE-2026-37982 json | Not Provided | 2026-05-19 | 2026-05-20 | |
| CVE-2026-37981 json | Not Provided | 2026-05-19 | 2026-05-20 | |
| CVE-2026-37980 json | Not Provided | 2026-04-14 | 2026-04-14 | |
| CVE-2026-37979 json | Not Provided | 2026-05-19 | 2026-05-20 | |
| CVE-2018-10912 json | keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple... | 4.9 - MEDIUM | 2018-07-23 | 2021-04-22 |
| CVE-2017-12161 json | It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a passw... | 8.8 - HIGH | 2018-02-21 | 2019-10-09 |
| CVE-2017-12159 json | It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. An attacker could use this ... | Not Provided | 2017-10-26 | 2025-04-20 |
| CVE-2017-12158 json | It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations... | Not Provided | 2017-10-26 | 2025-04-20 |
| CVE-2017-7474 json | It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this... | Not Provided | 2017-05-12 | 2025-04-20 |
| CVE-2014-3709 json | The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attacke... | Not Provided | 2017-10-18 | 2025-04-20 |
| CVE-2014-3651 json | JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large val... | Not Provided | 2017-12-29 | 2025-04-20 |
Known software with vulnerabilities from Keycloak
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Keycloak | Keycloak-nodejs-auth-utils | 2.5.0 |