Red Hat Security Advisory: Red Hat build of Keycloak 26.4.13 Security Update
🔗 CVE IDs covered (22)
📋 Description
CVE-2026-4874 — org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: Keycloak: Server-Side Request Forgery via OIDC token endpoint manipulation CVE-2026-6860 — eclipse-vertx/vert.x: eclipse-vertx/vert.x: Denial of Service via TLS handshake with wildcard server name CVE-2026-7500 — org.keycloak.keycloak-services: Improper Access Control on Keycloak Server when the account Account API feature is disabled CVE-2026-8830 — keycloak: org.keycloak/keycloak-services: Keycloak: Policy bypass during WebAuthn credential registration via client-side JavaScript manipulation CVE-2026-8922 — org.keycloak/keycloak-services: keycloak: org.keycloak.protocol.oidc: Security flaw in org.keycloak/keycloak-services CVE-2026-9083 — keycloak: Keycloak: Information disclosure through arbitrary filesystem path probing CVE-2026-9086 — keycloak: Keycloak: Cross-site scripting (XSS) via case-insensitive URI validation bypass CVE-2026-9087 — keycloak: Cross-Session Email Verification Proof Not Bound to Upstream Identity in First-Broker-Login CVE-2026-9088 — keycloak: Keycloak: Information disclosure due to user profile permission bypass CVE-2026-9099 — keycloak: Group-Admin Escalation to Realm-Admin CVE-2026-9704 — keycloak: Keycloak: Privilege escalation due to oversized subject_token JWT CVE-2026-9705 — keycloak: Keycloak: Attacker can re-enable and take over disabled clients via Registration Access Token CVE-2026-9791 — keycloak-rhel9: Organization Data Leak After Feature Disabled in Keycloak CVE-2026-9792 — keycloak: Keycloak: Security restriction bypass allows unauthorized ROPC token acquisition CVE-2026-9794 — keycloak: Keycloak: Information disclosure via SAML ECP endpoint CVE-2026-9795 — keycloak: Keycloak: Privilege escalation via improper scope mapping enforcement CVE-2026-9799 — keycloak: Keycloak: Unauthorized access to resources via UMA permission ticket bypass CVE-2026-9800 — keycloak-policy-enforcer: Keycloak Policy Enforcer: Authorization bypass via incorrect URI comparison CVE-2026-9801 — keycloak: Keycloak: Denial of Service via malformed LDAP password policy response CVE-2026-9802 — keycloak: Keycloak: Unauthorized account access via replayed refresh tokens after cluster restart CVE-2026-9803 — keycloak: Keycloak: Denial of Service via malformed Authorization header CVE-2026-37977 — keycloak: org.keycloak.protocol.oidc.grants.ciba: Keycloak: Information disclosure via CORS header injection due to unvalidated JWT azp claim