Red Hat Keycloak Vulnerabilities

Red%20hat Keycloak vulnerabilities.

JSON RSS CSV 🔔 Create Alert Trigger

2 February 2026

Security Flaw in Keycloak's CIBA Feature Affects Internal Service Requests
CVE-2026-1518
Red HatRed Hat Build Of Keycloak2.7LOW
Privilege Escalation Vulnerability in Keycloak Admin API by Red Hat
CVE-2025-13881
Red HatRed Hat Build Of Keycloak2.7LOW

30 January 2026

Denial-of-Service Vulnerability in Undertow by Red Hat
CVE-2024-4027
Red HatOpenshift Serverless7.5HIGH

26 January 2026

SAML Brokering Flaw in Keycloak Affects Session Validity
CVE-2026-1190
Red HatRed Hat Build Of Keycloak3.1LOW

21 January 2026

20 January 2026

Arbitrary Jwks_uri Vulnerability in Keycloak's OpenID Connect Dynamic Client Registration
CVE-2026-1180
Red HatRed Hat Build Of Keycloak5.8MEDIUM

15 January 2026

Improper Input Validation in Keycloak by Red Hat
CVE-2026-0976
Red HatRed Hat Build Of Keycloak3.7LOW

8 January 2026

Vulnerability in Keycloak's Authorization Header Parser Affects Authentication Security
CVE-2026-0707
Red HatRed Hat Build Of Keycloak5.3MEDIUM

16 December 2025

Broken Access Control Vulnerability in Keycloak Admin API
CVE-2025-14777
Red HatRed Hat Build Of Keycloak6MEDIUM

10 December 2025

Information Disclosure Vulnerability in Keycloak Admin REST API by Red Hat
CVE-2025-14082
Red HatRed Hat Build Of Keycloak2.7LOW

3 December 2025

Remote Denial of Service Vulnerability in Undertow by Red Hat
CVE-2024-3884
Red HatRed Hat Jboss Enterpri...7.5HIGH

20 June 2025

Information Disclosure Vulnerability in Keycloak by Red Hat
CVE-2025-5416
Red HatRed Hat Build Of Keycloak2.7LOW

25 November 2024

Keycloak Vulnerability Affects Sensitive Data
CVE-2024-10451
Red HatRed Hat Build Of Keycl...5.9MEDIUM

22 March 2024

Stack Overflow Exception in XNIO NotifierState Could Lead to Denial of Service
CVE-2023-5685
Red HatRed Hat Build Of Apach...7.5HIGH

26 January 2024

Keycloak: redirect_uri validation bypass
CVE-2023-6291
Red HatRed Hat Build Of Keycl...7.1HIGH

21 December 2023

Client access via device auth request spoof
CVE-2023-2585
Red Hatkeycloak8.1HIGH

18 December 2023

Keycloak: open redirect via "form_post.jwt" jarm response mode
CVE-2023-6927
Red HatRed Hat Build Of Keycl...4.6MEDIUM

14 December 2023

4 October 2023

Oauth client impersonation
CVE-2023-2422
Red Hatkeycloak7.1HIGH

12 September 2023

Plaintext storage of user password
CVE-2023-4918
Red Hatkeycloak8.8HIGH

9 November 2020

Path Traversal Vulnerability in Keycloak by Red Hat
CVE-2020-14366
Red HatKeycloak6.8MEDIUM

15 May 2020

TLS Hostname Verification Flaw in Keycloak by Red Hat
CVE-2020-1758
Red HatKeycloak5.3MEDIUM