
Snyk
added 2026/04/02 3:31 p.m.

Improper Isolation or Compartmentalization

Overview: Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization due to improper type and namespace isolation in the SingleUseObjectProvider. An attacker can obtain unauthorized access by forging authorization codes, which may result in the creation of...

CVSS 9.1 | AI score 5.9 | EPSS 0.00415 | Exploits 0 | References 2
Snyk
added 2026/04/02 3:31 p.m.

Improper Isolation or Compartmentalization

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization due to improper type and namespace isolation in the...

CVSS 9.1 | AI score 5.9 | EPSS 0.00415 | Exploits 0 | References 2
OSV
added 2026/04/02 3:31 p.m.

GHSA-HJ93-H7PG-FH6V Keycloak: Privilege escalation via forged authorization codes due to SingleUseObjectProvider isolation flaw

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens,...

CVSS 7.4 | AI score 5.8 | EPSS 0.00415 | Exploits 0 | References 10
OSV
added 2026/04/02 3:31 p.m.

GHSA-RX66-HJ7G-28H7 Keycloak: Replay of action tokens via improper handling of single-use entries

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...

CVSS 5.3 | AI score 6 | EPSS 0.0025 | Exploits 0 | References 10
Github Security Blog
added 2026/04/02 3:31 p.m.

Keycloak: Privilege escalation via forged authorization codes due to SingleUseObjectProvider isolation flaw

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens,...

CVSS 7.4 | AI score 5.9 | EPSS 0.00415 | Exploits 0 | References 10 | Affected Software 1
Github Security Blog
added 2026/04/02 3:31 p.m.

Keycloak: Replay of action tokens via improper handling of single-use entries

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...

CVSS 5.3 | AI score 6 | EPSS 0.0025 | Exploits 0 | References 10 | Affected Software 1
Github Security Blog
added 2026/04/02 3:31 p.m.

Keycloak: UMA Policy Resource Injection Allows Unauthorized Cross-User Permission Grants

A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...

CVSS 8.1 | AI score 5.9 | EPSS 0.00338 | Exploits 1 | References 10 | Affected Software 1
Github Security Blog
added 2026/04/02 3:31 p.m.

Keycloak: Application-Level DoS via Scope Processing

A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to high resource consumption and prolonged processing times, ultimate...

CVSS 7.5 | AI score 5.9 | EPSS 0.00512 | Exploits 0 | References 10 | Affected Software 1
OSV
added 2026/04/02 3:31 p.m.

GHSA-F2HX-5FX3-HMCV Keycloak: UMA Policy Resource Injection Allows Unauthorized Cross-User Permission Grants

A flaw was found in Keycloak. An authenticated user with the uma_protection role can bypass User-Managed Access (UMA) policy validation. This allows the attacker to include resource identifiers owned by other users in a policy creation request, even if the URL path specifies an attacker-owned...

CVSS 8.1 | AI score 5.9 | EPSS 0.00338 | Exploits 1 | References 10
EUVD
added 2026/04/02 3:31 p.m.

EUVD-2026-18206

A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...

CVSS 7.3 | AI score 5.8 | EPSS 0.0043 | Exploits 0 | References 5
OSV
added 2026/04/02 3:31 p.m.

GHSA-CJM2-J6CM-6P6M Keycloak: Redirect URI validation bypass via ..;/ path traversal in OIDC auth endpoint

A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...

CVSS 7.3 | AI score 5.8 | EPSS 0.0043 | Exploits 0 | References 10
vulnersOsv
added 2026/04/02 3:31 p.m.

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +160 more potentially affected by CVE-2026-3872 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.5.6)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.0, =1.2.0 and more. Source CVEs: CVE-2026-3872. Source advisory: OSV:GHSA-CJM2-J6CM-6P6M (https://vulners.com/osv/OSV:GHSA-CJM2-J6CM-...)

CVSS 7.3 | AI score 5.4 | EPSS 0.0043 | Exploits 0
Snyk
added 2026/04/02 3:31 p.m.

Open Redirect

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Open Redirect via improper validation of redirect URIs in the authentication endpoint. An attacker can gain...

CVSS 8.5 | AI score 5.9 | EPSS 0.0043 | Exploits 0 | References 2
Github Security Blog
added 2026/04/02 3:31 p.m.

Keycloak: Redirect URI validation bypass via ..;/ path traversal in OIDC auth endpoint

A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting in information...

CVSS 7.3 | AI score 5.8 | EPSS 0.0043 | Exploits 0 | References 10 | Affected Software 1
RedHat Linux
added 2026/04/02 1:58 p.m.

Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.11 Images Update

New images are available for Red Hat build of Keycloak 26.4.11 and Red Hat build of Keycloak 26.4.11 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Ha...

CVSS 8.1 | AI score 5.9 | EPSS 0.00512 | Exploits 1 | References 1
RedHat Linux
added 2026/04/02 1:55 p.m.

Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.15 Images Update

New images are available for Red Hat build of Keycloak 26.2.15 and Red Hat build of Keycloak 26.2.15 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Ha...

CVSS 8.1 | AI score 5.9 | EPSS 0.00512 | Exploits 1 | References 1
RedHat Linux
added 2026/04/02 1:54 p.m.

keycloak-services: Keycloak Admin REST API: Improper Access Control leads to sensitive role metadata information disclosure

A flaw was found in the Keycloak Admin REST (Representational State Transfer) API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/{realm}/roles endpoint...

CVSS 2.7 | AI score 5.8 | EPSS 0.0032 | Exploits 0 | References 4
RedHat Linux
added 2026/04/02 1:54 p.m.

keycloak-server: Keycloak: Improper Access Control in Admin REST API leads to information disclosure

A flaw was found in the Keycloak Admin REST API. This vulnerability allows the exposure of backend schema and rules, potentially leading to targeted attacks or privilege escalation via improper access control...

CVSS 2.7 | AI score 5.8 | EPSS 0.0032 | Exploits 0 | References 4
RedHat Linux
added 2026/04/02 1:54 p.m.

keycloak: Keycloak IDOR in realm client creating/deleting

A flaw was found in Keycloak. An IDOR (Broken Access Control) vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer client ID provided in the A...

CVSS 6 | AI score 5.8 | EPSS 0.00315 | Exploits 0 | References 4
RedHat Linux
added 2026/04/02 1:54 p.m.

keycloak: org.keycloak/keycloak-services: Keycloak: Privilege escalation via manage-clients permission

A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...

CVSS 7.2 | AI score 5.8 | EPSS 0.00471 | Exploits 0 | References 4