Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Red Hat — Vulnerabilities & Security Advisories 895

Browse all 895 CVE security advisories affecting Red Hat. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Red Hat operates primarily as a provider of open-source enterprise software solutions, most notably its Linux operating system and container platforms. With 688 recorded Common Vulnerabilities and Exposures, the organization’s historical attack surface frequently involves remote code execution, cross-site scripting, and privilege escalation flaws within its middleware and management tools. These vulnerabilities often stem from complex codebases and third-party dependencies integrated into its distribution. Security characteristics are defined by a rigorous patching lifecycle and the Red Hat Security Response Team, which issues timely advisories for critical issues. While major public breaches directly attributed to Red Hat core infrastructure are rare, individual component flaws have occasionally allowed attackers to gain unauthorized access or execute arbitrary commands. The company maintains a strong reputation for transparency, providing detailed technical guidance to help administrators mitigate risks associated with its widely deployed enterprise technologies.

Found 19 results / 895Clear Filters
CVE IDTitleCVSSSeverityPublished
CVE-2026-14781 Keycloak-services: keycloak-services: oidc email_verified claim incorrectly applied to userinfo email — Red Hat Build of KeycloakCWE-1288 4.8 Medium2026-07-05
CVE-2026-14615 Keycloak-services: keycloak: fgap v2 parent group children endpoint bypasses per-child view permission filter — Red Hat Build of KeycloakCWE-1220 4.3 Medium2026-07-03
CVE-2026-14614 Keycloak-services: keycloak-services: fgap v2 client scope assignment bypass via clientresource — Red Hat Build of Keycloak 5.4 Medium2026-07-03
CVE-2026-14613 Keycloak-services: keycloak-services: keycloak: fgap v2 role groups endpoint discloses hidden group metadata without group view permission — Red Hat Build of Keycloak 4.3 Medium2026-07-03
CVE-2026-4629 Keycloak: keycloak: privilege escalation through hardcoded role mapper injection — Red Hat Build of KeycloakCWE-266 6.5 Medium2026-06-30
CVE-2026-12388 Keycloak-broker: keycloak: privilege escalation to realm administrator via improper authorization in identity provider mapper — Red Hat Build of KeycloakCWE-266 6.5 Medium2026-06-30
CVE-2026-14209 Keycloak-admin-ui: keycloak-admin-ui:admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions — Red Hat Build of KeycloakCWE-639 4.3 Medium2026-06-30
CVE-2026-11986 Keycloak-rest-admin-ui-ext: authorization bypass vulnerability in the admin-ui-ext bulk role-mapping-delete endpoints of keycloak — Red Hat Build of KeycloakCWE-425 4.9 Medium2026-06-11
CVE-2026-9798 Keycloak: keycloak: brute-force protection bypass in ciba flow — Red Hat Build of KeycloakCWE-305 4.3 Medium2026-05-28
CVE-2026-9796 Keycloak: keycloak: privilege escalation via time-of-check to time-of-use (toctou) vulnerability — Red Hat Build of KeycloakCWE-367 6.5 Medium2026-05-28
CVE-2026-9793 Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing — Red Hat Build of KeycloakCWE-347 5.9 Medium2026-05-28
CVE-2026-9689 Keycloak: org.keycloak.protocol.oidc: http parameter pollution in oidc redirect uri allows response parameter duplication - #ghi-604 — Red Hat Build of KeycloakCWE-1288 4.2 Medium2026-05-27
CVE-2026-37980 Org.keycloak.forms.login: keycloak: keycloak: arbitrary code execution via stored cross-site scripting (xss) in organization selection login page — Red Hat Build of KeycloakCWE-79 6.9 Medium2026-04-14
CVE-2026-4633 Keycloak: keycloak: user enumeration via differential error messages — Red Hat Build of KeycloakCWE-209 3.7 Low2026-03-23
CVE-2026-4628 Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper access control — Red Hat Build of KeycloakCWE-284 4.3 Medium2026-03-23
CVE-2025-11537 Keycloak-server: sensitive headers shown in the http access logs — Red Hat Build of KeycloakCWE-117 5.0 Medium2026-02-10
CVE-2026-1518 Keycloak: blind server-side request forgery (ssrf) via ciba backchannel notification endpoint in keycloak — Red Hat Build of KeycloakCWE-918 2.7 Low2026-02-02
CVE-2026-0976 Org.keycloak/keycloak-quarkus-server: keycloak: proxy bypass due to improper handling of matrix parameters in url paths — Red Hat Build of KeycloakCWE-20 3.7 Low2026-01-15
CVE-2025-5416 Keycloak-core: keycloak environment information — Red Hat Build of KeycloakCWE-497 2.7 Low2025-06-20

This page lists every published CVE security advisory associated with Red Hat. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.