Red Hat Security Advisory: Red Hat build of Keycloak 26.6.4 Security Update
🔗 CVE IDs covered (9)
📋 Description
CVE-2026-6860 — eclipse-vertx/vert.x: eclipse-vertx/vert.x: Denial of Service via TLS handshake with wildcard server name CVE-2026-9083 — keycloak: Keycloak: Information disclosure through arbitrary filesystem path probing CVE-2026-9086 — keycloak: Keycloak: Cross-site scripting (XSS) via case-insensitive URI validation bypass CVE-2026-9099 — keycloak: Group-Admin Escalation to Realm-Admin CVE-2026-9705 — keycloak: Keycloak: Attacker can re-enable and take over disabled clients via Registration Access Token CVE-2026-9795 — keycloak: Keycloak: Privilege escalation via improper scope mapping enforcement CVE-2026-9799 — keycloak: Keycloak: Unauthorized access to resources via UMA permission ticket bypass CVE-2026-9800 — keycloak-policy-enforcer: Keycloak Policy Enforcer: Authorization bypass via incorrect URI comparison CVE-2026-11800 — org.keycloak:keycloak-services: Keycloak: Authentication bypass via JWT algorithm confusion