Denial Of Service

Keycloak is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of LDAP password policy responses, where a malformed response from a configured LDAP server can trigger an OutOfMemoryError during password authentication processing, causing the Keycloak JVM to termina...

PT-2026-44194

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw allows a remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker who has compromis...

CVE-2026-30949

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.5 and 8.6.18, the Keycloak authentication adapter does not validate the azp authorized party claim of Keycloak access tokens against the configured client-id. A valid acces...

EUVD-2026-10869

Parse Server missing audience validation in Keycloak authentication adapter...

EUVD-2026-10868

Parse Server missing audience validation in Keycloak authentication adapter...

CVE-2026-30949

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.5 and 8.6.18, the Keycloak authentication adapter does not validate the azp authorized party claim of Keycloak access tokens against the configured client-id. A valid acces...

CVE-2026-30949 Parse Server is missing audience validation in Keycloak authentication adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.5 and 8.6.18, the Keycloak authentication adapter does not validate the azp authorized party claim of Keycloak access tokens against the configured client-id. A valid acces...

CVE-2026-30949 Parse Server is missing audience validation in Keycloak authentication adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.2-alpha.5 and 8.6.18, the Keycloak authentication adapter does not validate the azp authorized party claim of Keycloak access tokens against the configured client-id. A valid acces...

PT-2026-24427

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 9.5.2-alpha.5 Parse Server versions prior to 8.6.18 Description Parse Server, an open source backend deployable on Node.js infrastructures, contains a flaw in its Keycloak authentication adapter. Specifically, th...

Oracle Linux 7 : python-kdcproxy (ELSA-2025-22982)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2025-22982 advisory. - Use DNS discovery for declared realms only CVE-2025-59088 Orabug: 38745300 Tenable has extracted the preceding description block directly from the...

python-kdcproxy security update

0.3.2-3.0.1 - Use DNS discovery for declared realms only CVE-2025-59088 Orabug: 38745300 - Fix DoS vulnerability based on unbounded TCP buffering CVE-2025-59089...

Information Disclosure

org.keycloak, keycloak-services is vulnerable to information disclosure. The vulnerability is due to insufficient authorization checks on the /admin/realms/realm/roles endpoint, which allows an attacker to access and disclose sensitive role metadata without proper permissions...

Access Control Bypass

Overview org.keycloak:keycloak-model-infinispan is a part of the keycloak project. Affected versions of this package are vulnerable to Access Control Bypass via insufficient authorization checks on the /admin/realms/realm/roles endpoint. A remote authenticated attacker with high-privileges can...

GHSA-6Q37-7866-H27J Keycloak Admin REST (Representational State Transfer) API does not properly enforce permissions

A flaw was found in Keycloak Admin REST Representational State Transfer API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/realm/roles endpoint...

Access Control Bypass

Overview org.keycloak:keycloak-authz-policy-common is a KeyCloak AuthZ: Common Policy Providers Affected versions of this package are vulnerable to Access Control Bypass via insufficient authorization checks on the /admin/realms/realm/roles endpoint. A remote authenticated attacker with...

EUVD-2025-202403

Keycloak Admin REST Representational State Transfer API does not properly enforce permissions...

CVE-2025-14082

A flaw was found in Keycloak Admin REST Representational State Transfer API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/realm/roles endpoint...

CVE-2025-14082

A flaw was found in Keycloak Admin REST Representational State Transfer API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/realm/roles endpoint...

CVE-2025-14082 Keycloak-services: keycloak admin rest api: improper access control leads to sensitive role metadata information disclosure

A flaw was found in Keycloak Admin REST Representational State Transfer API. This vulnerability allows information disclosure of sensitive role metadata via insufficient authorization checks on the /admin/realms/realm/roles endpoint...

CVE-2025-14082

The CVE-2025-14082 issue affects Keycloak’s Admin REST API. Affected component: Keycloak Admin REST endpoints; root cause: insufficient authorization checks on the /admin/realms/{realm}/roles endpoint allow an attacker with high privileges to access sensitive role metadata. Impact: information di...