Red Hat Build of Keycloak — Vulnerabilities & Security Advisories 10

All 10 CVE vulnerabilities found in Red Hat Build of Keycloak, with AI-generated Chinese analysis, references, and POCs.

Vendor: Red Hat

CVE ID	Title	CVSS	Severity	Paused
CVE-2026-37980	Org.keycloak.forms.login: keycloak: keycloak: arbitrary code execution via stored cross-site scripting (xss) in organization selection login page CWE-79	6.9	Medium	2026-04-14
CVE-2026-37977	Keycloak: org.keycloak.protocol.oidc.grants.ciba: keycloak: information disclosure via cors header injection due to unvalidated jwt azp claim CWE-346	3.7	Low	2026-04-06
CVE-2026-4874	Org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: keycloak: server-side request forgery via oidc token endpoint manipulation CWE-918	3.1	Low	2026-03-26
CVE-2026-4633	Keycloak: keycloak: user enumeration via differential error messages CWE-209	3.7	Low	2026-03-23
CVE-2026-4628	Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control CWE-284	4.3	Medium	2026-03-23
CVE-2026-4366	Keycloak-services: blind server-side request forgery (ssrf) via http redirect handling in keycloak CWE-918	5.8	Medium	2026-03-18
CVE-2025-11537	Keycloak-server: sensitive headers shown in the http access logs CWE-117	5.0	Medium	2026-02-10
CVE-2026-1518	Keycloak: blind server-side request forgery (ssrf) via ciba backchannel notification endpoint in keycloak CWE-918	2.7	Low	2026-02-02
CVE-2026-0976	Org.keycloak/keycloak-quarkus-server: keycloak: proxy bypass due to improper handling of matrix parameters in url paths CWE-20	3.7	Low	2026-01-15
CVE-2025-5416	Keycloak-core: keycloak environment information CWE-497	2.7	Low	2025-06-20

All 10 known CVE vulnerabilities affecting Red Hat Build of Keycloak with full Chinese analysis, references, and POCs where available.