CLEANSTART-2026-VJ37814 Security fixes for CVE-2025-59250, CVE-2026-1002, CVE-2026-33870, CVE-2026-33871, CVE-2026-39852, CVE-2026-41417, CVE-2026-42198, CVE-2026-42577, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42587, CVE-2026-5588, CVE-2026-5598, ghsa-38f8-5428-x5cv, ghsa-3p8m-j85q-pgmj, ghsa-45p5-v273-3qqr, ghsa-45q3-82m4-75jr, ghsa-4cx2-fc23-5wg6, ghsa-57rv-r2g8-2cj3, ghsa-9342-92gg-6v29, ghsa-98qh-xjc8-98pq, ghsa-c3fc-8qff-9hwx, ghsa-cm33-6792-r9fm, ghsa-cphf-4846-3xx9, ghsa-fghv-69vj-qj49, ghsa-h5fg-jpgr-rv9c, ghsa-hq9p-pm7w-8p54, ghsa-j288-q9x7-2f5v, ghsa-m4cv-j2px-7723, ghsa-mj4r-2hfc-f8p6, ghsa-p93r-85wp-75v3, ghsa-pwqr-wmgm-9rr8, ghsa-rc95-pcm8-65v9, ghsa-rwm7-x88c-3g2p, ghsa-v8h7-rr48-vmmv, ghsa-w9fj-cfpg-grvv, ghsa-wg6q-6289-32hp, ghsa-xxqh-mfjm-7mv9 applied in versions: 26.1.4-r1, 26.4.11-r0, 26.4.11-r2

Multiple security vulnerabilities affect the keycloak package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-39852 vulnerabilities

Vulnerabilities for packages: keycloak, apicurio-registry...

GHSA-57RV-R2G8-2CJ3 vulnerabilities

Vulnerabilities for packages: strimzi-kafka-operator, apache-nifi, druid, docker-selenium, thingsboard, selenium, tez, apache-pulsar, zipkin, apicurio-registry, spark, apache-activemq-artemis, akhq, trino, opensearch, logstash, kserve-modelmesh, neo4j, keycloak, infinispan,...

GHSA-HJ93-H7PG-FH6V vulnerabilities

Vulnerabilities for packages: keycloak...

CLEANSTART-2026-FA60324 It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session

Multiple security vulnerabilities affect the keycloak package. It was found that the cookie used for CSRF prevention in Keycloak was not unique to each session. See references for individual vulnerability details...

GHSA-XH32-C9WX-PHRP vulnerabilities

Vulnerabilities for packages: keycloak...

Keycloak 代码问题漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has code-related vulnerabilities; these vulnerabilities stem from improper handling of client configuration requests through HTTP redirection, which may lead to information leaks and internal...

GHSA-63V5-26VQ-M4VM vulnerabilities

Vulnerabilities for packages: keycloak-fips, keycloak...

GHSA-5RFX-CP42-P624 vulnerabilities

Vulnerabilities for packages: keycloak...

GHSA-7FMW-85QM-H22P vulnerabilities

Vulnerabilities for packages: keycloak...

GHSA-V38P-MQQ3-M6V5 vulnerabilities

Vulnerabilities for packages: keycloak...

CVE-2017-12159 vulnerabilities

Vulnerabilities for packages: keycloak...

CVE-2017-12158 vulnerabilities

Vulnerabilities for packages: keycloak...

GHSA-7FMW-85QM-H22P vulnerabilities

Vulnerabilities for packages: keycloak...

CVE-2024-8698 vulnerabilities

Vulnerabilities for packages: keycloak...

EUVD-2018-0559

Malware in sbrugna...

Vulnerabilities fixed in Keycloak

Red Hat has fixed vulnerabilities in Keycloak. The vulnerabilities include an issue where JWT tokens with long expiration times can cause infinite growth in the cache, resulting in an OutOfMemoryError and a Denial-of-Service for legitimate users. In addition, verification of trust store...

GHSA-2P82-5WWR-43CW vulnerabilities

Vulnerabilities for packages: keycloak-fips...

GHSA-W97F-W3HQ-36G2 vulnerabilities

Vulnerabilities for packages: keycloak-operator, keycloak...

GHSA-W97F-W3HQ-36G2 vulnerabilities

Vulnerabilities for packages: keycloak-fips, keycloak-operator, keycloak...