VYPR

Build Of Keycloak

by Red Hat


CVEs (68)

  • CVE-2024-8698 | High | Sep 19, 2024
    risk 0.57 | CVSS 7.7 | EPSS 0.02

    A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document,…

  • CVE-2026-11577 | High | Jun 8, 2026
    risk 0.47 | CVSS 7.2 | EPSS 0.00

    A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/{realm}/partialImport endpoint. This allows them to bypass Fine-Grained Admin Permissions (FGAP) and escalate their privileges to a full realm…

  • CVE-2026-9795 | High | May 28, 2026
    risk 0.47 | CVSS 7.3 | EPSS 0.00

    A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses…

  • CVE-2026-7504 | High | May 19, 2026
    risk 0.46 | CVSS 8.1 | EPSS 0.00

    A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive information within the domain or…

  • CVE-2026-4636 | High | Apr 2, 2026
    risk 0.46 | CVSS 8.1 | EPSS 0.00

    A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an…

  • CVE-2024-3656 | High | Oct 9, 2024
    risk 0.46 | CVSS 8.1 | EPSS 0.03

    A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.

  • CVE-2024-2419 | High | Apr 17, 2024
    risk 0.46 | CVSS 7.1 | EPSS 0.01

    A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to…

  • CVE-2026-37980 | Medium | Apr 14, 2026
    risk 0.45 | CVSS 6.9 | EPSS 0.00

    A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` administrative privileges can exploit a Stored Cross-Site Scripting (XSS) vulnerability. This flaw occurs because the…

  • CVE-2026-9802 | Medium | May 28, 2026
    risk 0.44 | CVSS 6.8 | EPSS 0.00

    A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even…

  • CVE-2026-9704 | Medium | May 27, 2026
    risk 0.44 | CVSS 6.8 | EPSS 0.00

    A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to…

  • CVE-2026-4630 | Medium | May 19, 2026
    risk 0.44 | CVSS 6.8 | EPSS 0.00

    A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference (IDOR) vulnerability in the Authorization Services Protection API endpoint. By knowing or obtaining a resource's unique identifier (UUID) belonging to another Resource Server…

  • CVE-2026-9796 | Medium | May 28, 2026
    risk 0.42 | CVSS 6.5 | EPSS 0.00

    A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can exploit a Time-of-check to time-of-use (TOCTOU) vulnerability in the name-based admin role checks. This allows the attacker to escalate their privileges to `realm-admin` for all users…

  • CVE-2026-9792 | Medium | May 28, 2026
    risk 0.42 | CVSS 6.5 | EPSS 0.00

    A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol.oidc` component. When certain condition providers (client-type, client-roles, client-attributes, client-scopes) are used to enforce security restrictions, the `reject-ropc-grant`…

  • CVE-2026-7507 | High | May 19, 2026
    risk 0.42 | CVSS 7.5 | EPSS 0.00

    A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the…

  • CVE-2026-7307 | High | May 19, 2026
    risk 0.42 | CVSS 7.5 | EPSS 0.01

    A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service (DoS)…

  • CVE-2026-4634 | High | Apr 2, 2026
    risk 0.42 | CVSS 7.5 | EPSS 0.01

    A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to high resource consumption and prolonged…

  • CVE-2024-4540 | High | Jun 3, 2024
    risk 0.42 | CVSS 7.5 | EPSS 0.01

    A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly…

  • CVE-2026-4282 | High | Apr 2, 2026
    risk 0.41 | CVSS 7.4 | EPSS 0.00

    A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable…

  • CVE-2024-1249 | High | Apr 17, 2024
    risk 0.41 | CVSS 7.4 | EPSS 0.00

    A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability…

  • CVE-2026-3872 | High | Apr 2, 2026
    risk 0.40 | CVSS 7.3 | EPSS 0.00

    A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting…

Page 1 of 4