Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / org.keycloak

org.keycloak

174 tracked vulnerabilities.

CVE-2026-7500 MEDIUM

Org.keycloak.keycloak-services: improper access control on keycloak server when the account account api feature is disabled

CVE-2026-37980 MEDIUM

Org.keycloak.forms.login: keycloak: keycloak: arbitrary code execution via stored cross-site scripting (xss) in organization selection login page

CVE-2026-37977 LOW

Keycloak: org.keycloak.protocol.oidc.grants.ciba: keycloak: information disclosure via cors header injection due to unvalidated jwt azp claim

CVE-2026-4636 HIGH

Keycloak UMA Policy - Unauthorized Resource Access

CVE-2026-4634 HIGH

Keycloak: keycloak: denial of service via excessive processing of openid connect scope parameters

CVE-2026-4325 MEDIUM

Keycloak: keycloak: replay of action tokens via improper handling of single-use entries

CVE-2026-4282 HIGH

Keycloak: keycloak: privilege escalation via forged authorization codes due to singleuseobjectprovider isolation flaw

CVE-2026-3872 HIGH

Red Hat Keycloak 26.2 and 26.4 - redirect_uri Access Token Disclosure

CVE-2026-3190 MEDIUM

Keycloak: keycloak: information disclosure via improper role enforcement in uma 2.0 protection api

CVE-2026-3121 MEDIUM

Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission

CVE-2026-4874 LOW

Org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulation

CVE-2026-4633 LOW

Keycloak: keycloak: user enumeration via differential error messages

CVE-2026-4628 MEDIUM

Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control

CVE-2026-2575 MEDIUM

Keycloak: keycloak: denial of service due to excessive samlrequest decompression

CVE-2026-2603 HIGH

Keycloak: keycloak: unauthorized authentication via disabled saml identity provider

CVE-2026-2092 HIGH

Keycloak-services: keycloak: unauthorized access via improper validation of encrypted saml assertions

CVE-2026-2366 LOW

Red Hat build of Keycloak 26.4 - Authenticated Authorization Bypass in Admin API

CVE-2026-3429 MEDIUM

Keycloak Account REST API - Privilege Escalation

CVE-2026-3911 LOW

Keycloak - Authenticated Unauthorized User Attribute Exposure via UserResource Endpoint

CVE-2026-3047 HIGH

Keycloak SAML Broker - Authentication Bypass via Disabled IdP-Initiated Client

CVE-2026-3009 HIGH

Keycloak < 26.5.5 - Incorrect Authorization via Disabled Identity Provider Bypass

CVE-2026-0871 MEDIUM

Keycloak < 26.5.2 - Incorrect Privilege Assignment via Unmanaged Attribute Bypass

CVE-2026-2733 LOW

Keycloak - Improper Authorization via Docker v2 Authentication Endpoint

CVE-2026-1529 HIGH

Keycloak 26.5.0-26.5.2 - Unauthenticated Organization Access via JWT Invitation Token Tampering

CVE-2026-1486 HIGH

Keycloak 26.5.0-26.5.2 - Unauthenticated Token Issuance via Disabled Identity Provider Bypass

Page 1 of 7 Next

Products

keycloak-services 74 keycloak-core 48 keycloak-parent 25 keycloak-quarkus-server 9 keycloak-server-spi-private 5 keycloak-ldap-federation 4 keycloak-saml-core 4 keycloak-model-jpa 3 keycloak-saml-adapter-core 3 keycloak-model-infinispan 2 keycloak-quarkus-dist 2 keycloak-account-ui 1 keycloak-adapter-core 1 keycloak-admin-ui 1 keycloak-authz-client 1 keycloak-broker-saml 1 keycloak-common 1 keycloak-js-admin-client 1 keycloak-model-storage-services 1 keycloak-oidc-client-adapter-pom 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy