RHSA-2026:19595

Vulnerability from csaf_redhat - Published: 2026-05-20 11:23 - Updated: 2026-05-20 16:08
Summary
Red Hat Security Advisory: Red Hat build of Keycloak 26.2.16 Images Security Update
Severity
Important
Notes
Topic: New images are available for Red Hat build of Keycloak 26.2.16 and Red Hat build of Keycloak 26.2.16 Operator, running on OpenShift Container Platform
Details: Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.
Red Hat build of Keycloak Operator for OpenShift simplifies deployment and management of Keycloak 26.2.16 clusters.

This erratum releases new images for Red Hat build of Keycloak 26.2.16 for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.

Security fixes:
* Denial of Service via specially crafted SAML input (CVE-2026-7307)
* Session fixation in OIDC login flow that can lead to account takeover (CVE-2026-7507)
* Open redirect when using wildcard valid redirect URIs in Keycloak (CVE-2026-7504)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2026-7307: Denial of Service via specially crafted SAML input
A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service (DoS) where the server becomes unavailable. The flaw affects the availability of Keycloak instances where the SAML protocol is enabled; deployments that do not use SAML can remove the attack surface by disabling it, and all deployments should restrict network access to the SAML endpoint until the fixed images are rolled out.

CWE-1286 - Improper Validation of Syntactic Correctness of Input
Affected products
Product: Red Hat build of Keycloak 26.2 (product id 9Base-RHBK-26.2, CPE cpe:/a:redhat:build_keycloak:26.2::el9). Fixed images (tag 26.2-21 for keycloak-rhel9 and keycloak-rhel9-operator, 26.2.16-1 for the operator bundle), identified by digest and architecture:
9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d_amd64
9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175_ppc64le
9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64
9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5_arm64
9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914_s390x
9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86_s390x
9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d_ppc64le
9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64
9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c_arm64
Remediation for every image listed: Vendor Fix (this erratum, RHSA-2026:19595); Workaround (restrict network access to the SAML endpoint, or disable SAML if it is not required; see the remediations in the CSAF document below)
Threats
Impact: Important

CVE-2026-7504: Open redirect when using wildcard valid redirect URIs
A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive information within the domain or facilitating further attacks. This vulnerability specifically affects Keycloak clients configured with a wildcard (*) in the "Valid Redirect URIs" field and requires user interaction to be successfully exploited. The issue stems from a discrepancy in how Keycloak and the underlying Java URI implementation handle the user-info component of a URL. If a malicious redirect URL is constructed using multiple @ characters in the user-info section, Java's URI parser fails to extract the user-info, leaving only the raw authority field. Consequently, Keycloak's validation check does not detect the malformed user-info, falls back to a wildcard comparison on the raw string, and incorrectly permits the malicious redirect. Clients whose Valid Redirect URIs contain no wildcard are not affected, so reviewing client configurations for wildcard entries is a useful first scoping step alongside updating.

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
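To make the parser discrepancy above concrete, the following Python model is an added example and not Keycloak's code. `split_authority` emulates only the behaviour the advisory attributes to the Java URI parser (a single `@` yields user-info and host; more than one `@` makes the parse fail, so no user-info is returned and the raw authority is kept), and two validators show the weak pattern that falls back to a wildcard comparison on the raw string beside a check that refuses any `@` in the authority and compares the parsed scheme, host and port against the registered pattern. The registered pattern `https://app.example.com*` and the hostnames are assumptions.

```python
from urllib.parse import urlsplit


def split_authority(authority):
    """Emulate the user-info extraction the advisory describes for the Java URI parser.

    One '@' splits user-info from the host. With more than one '@' the parse of a
    server-based authority fails, user-info comes back as None, and the raw authority
    is kept untouched. Constructed emulation, not the real java.net.URI.
    """
    if authority.count("@") == 1:
        userinfo, _, host = authority.partition("@")
        return userinfo, host
    return None, authority


def vulnerable_is_valid_redirect(redirect_uri, valid_patterns):
    """Weak pattern: reject only if user-info was parsed, then fall back to a string wildcard match."""
    userinfo, _host = split_authority(urlsplit(redirect_uri).netloc)
    if userinfo is not None:
        return False  # catches https://app.example.com@evil.example/... but not the '@@' form
    for pattern in valid_patterns:
        if pattern == "*" or pattern == redirect_uri:
            return True
        if pattern.endswith("*") and redirect_uri.startswith(pattern[:-1]):
            return True  # prefix match on the raw string; the real host is never compared
    return False


def hardened_is_valid_redirect(redirect_uri, valid_patterns):
    """Refuse any '@' in the authority and compare scheme, parsed host and port with the pattern."""
    target = urlsplit(redirect_uri)
    if target.scheme not in ("https", "http") or "@" in target.netloc or not target.hostname:
        return False
    for pattern in valid_patterns:
        wildcard = pattern.endswith("*")
        allowed = urlsplit(pattern[:-1] if wildcard else pattern)
        if not allowed.hostname or "*" in allowed.netloc:
            continue  # a bare "*" or a host wildcard never matches in this model
        same_origin = (allowed.scheme, allowed.hostname, allowed.port) == (
            target.scheme, target.hostname, target.port)
        path_ok = target.path.startswith(allowed.path) if wildcard else target.path == allowed.path
        if same_origin and path_ok:
            return True
    return False


# Assumed client configuration: a wildcard pattern with no trailing slash.
VALID_REDIRECT_URIS = ["https://app.example.com*"]


def compare(redirect_uri, patterns=VALID_REDIRECT_URIS):
    """Return (vulnerable_result, hardened_result) for one candidate redirect URI."""
    return (vulnerable_is_valid_redirect(redirect_uri, patterns),
            hardened_is_valid_redirect(redirect_uri, patterns))


if __name__ == "__main__":
    for uri in ("https://app.example.com/callback",
                "https://app.example.com@evil.example/callback",
                "https://app.example.com@@evil.example/callback"):
        vuln, hard = compare(uri)
        print(f"{uri:50} vulnerable={vuln!s:5} hardened={hard}")
```

The `@@` URI is accepted by the weak validator and refused by the hardened one; the single-`@` form is refused by both, which is exactly the gap the advisory describes. Python's own `hostname` attribute splits at the last `@`, as browsers do, so the hardened check sees `evil.example` even before the explicit `@` refusal. Independently of the fix, registering exact redirect URIs instead of wildcard patterns removes this class of bypass.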
Affected products
Product: Red Hat build of Keycloak 26.2 (product id 9Base-RHBK-26.2, CPE cpe:/a:redhat:build_keycloak:26.2::el9). Fixed images (tag 26.2-21 for keycloak-rhel9 and keycloak-rhel9-operator, 26.2.16-1 for the operator bundle), identified by digest and architecture:
9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d_amd64
9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175_ppc64le
9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64
9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5_arm64
9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914_s390x
9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86_s390x
9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d_ppc64le
9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64
9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c_arm64
Remediation for every image listed: Vendor Fix (this erratum, RHSA-2026:19595); Workaround (see the remediations in the CSAF document below)
Threats
Impact: Important

CVE-2026-7507: Session fixation in OIDC login flow that can lead to account takeover
A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint, which processes session handles without adequate CSRF protection or cookie ownership validation, an attacker can reset the authentication flow state. This causes Single Sign-On (SSO) to authenticate the victim transparently upon clicking the link, allowing the attacker to hijack the required-action form without needing the victim's credentials. A successful exploit could lead to complete account takeover, including highly privileged administrative accounts.

CWE-290 - Authentication Bypass by Spoofing
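The two missing controls named above, cookie ownership validation and CSRF protection on a restart-style endpoint, can be shown with a small in-memory model. The Python below is an added example and not Keycloak's implementation: `AuthSessionStore` keeps authentication sessions keyed by a server-generated handle, `restart_unchecked` resets whichever session the link names, and `restart_checked` acts only when the caller's session cookie is the one that created that session and the link carries a per-session token. The cookie name `AUTH_SESSION_ID`, the `session_code` and `restart_token` parameters, and the flow-state shape are assumptions made for the model.

```python
import hmac
import secrets
from dataclasses import dataclass, field

COOKIE_NAME = "AUTH_SESSION_ID"  # assumed cookie name for this model


@dataclass
class AuthSession:
    owner_cookie: str    # browser cookie value that created this session
    restart_token: str   # unguessable per-session token a restart link must carry
    flow_state: dict = field(default_factory=dict)


@dataclass
class Request:
    query: dict
    cookies: dict


class AuthSessionStore:
    """In-memory authentication sessions keyed by a server-generated handle."""

    def __init__(self):
        self._sessions = {}

    def create(self, cookies):
        """Start a login flow bound to the caller's cookie, issuing one if the browser has none."""
        cookie = cookies.get(COOKIE_NAME) or secrets.token_urlsafe(16)
        handle = secrets.token_urlsafe(16)
        self._sessions[handle] = AuthSession(cookie, secrets.token_urlsafe(16), {"step": "password"})
        return handle, cookie

    def get(self, handle):
        return self._sessions.get(handle)


def restart_unchecked(store, req):
    """Weak handler: acts on whatever handle the link names. Returns (status, handle or None)."""
    handle = req.query.get("session_code")
    session = store.get(handle)
    if session is None:
        return 404, None
    session.flow_state = {"step": "password"}  # a session the attacker created now drives this login
    return 200, handle


def restart_checked(store, req):
    """Hardened handler: the session must belong to the caller's cookie and the link must carry its token."""
    handle = req.query.get("session_code")
    session = store.get(handle)
    if session is None:
        return 404, None
    caller = req.cookies.get(COOKIE_NAME, "")
    if not hmac.compare_digest(caller, session.owner_cookie):
        return 403, None  # cookie ownership: this browser did not create the session
    if not hmac.compare_digest(req.query.get("restart_token", ""), session.restart_token):
        return 403, None  # anti-CSRF: only a link issued to the owner's flow carries the token
    session.flow_state = {"step": "password"}
    return 200, handle


def fixation_scenario(handler):
    """Attacker pre-creates a session and sends the victim a link naming its handle.

    The victim's browser carries its own cookie and never saw the attacker's token.
    Returns (HTTP status, whether the victim ended up inside the attacker's session).
    """
    store = AuthSessionStore()
    attacker_handle, _attacker_cookie = store.create({})
    victim = Request(query={"session_code": attacker_handle},
                     cookies={COOKIE_NAME: "victim-cookie"})
    status, used = handler(store, victim)
    return status, used == attacker_handle


def legitimate_restart():
    """The owner of a session restarts it with the token issued for that session."""
    store = AuthSessionStore()
    handle, cookie = store.create({})
    req = Request(query={"session_code": handle,
                         "restart_token": store.get(handle).restart_token},
                  cookies={COOKIE_NAME: cookie})
    return restart_checked(store, req)[0]


if __name__ == "__main__":
    print("unchecked:", fixation_scenario(restart_unchecked))  # victim lands in the attacker's session
    print("checked:  ", fixation_scenario(restart_checked))    # refused: cookie does not own the session
    print("owner:    ", legitimate_restart())
```

The unchecked handler returns 200 and leaves the victim continuing a flow the attacker controls; the checked handler returns 403 because the handle in the link is not owned by the victim's cookie, while the owner's own restart still succeeds. The model illustrates the two checks the advisory says were missing; it does not reproduce the rest of the Keycloak login flow.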
Affected products
Product: Red Hat build of Keycloak 26.2 (product id 9Base-RHBK-26.2, CPE cpe:/a:redhat:build_keycloak:26.2::el9). Fixed images (tag 26.2-21 for keycloak-rhel9 and keycloak-rhel9-operator, 26.2.16-1 for the operator bundle), identified by digest and architecture:
9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d_amd64
9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175_ppc64le
9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64
9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5_arm64
9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914_s390x
9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86_s390x
9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d_ppc64le
9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64
9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c_arm64
Remediation for every image listed: Vendor Fix (this erratum, RHSA-2026:19595); Workaround (see the remediations in the CSAF document below)
Threats
Impact: Important
Acknowledgments
Anchels
João Mendes Duarte Antunes (Intapp)
Calif.io Hacking Team
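The affected-products lists above name the fixed images only by digest and architecture, and the CSAF product_tree below carries the same digests as OCI purls with the registry repository and tag. The following Python script is an added example, not Red Hat's advisory tooling: it walks a CSAF product_tree, resolves the `fixed` product ids of a CVE to their purls, and classifies a deployed image reference against that set. The embedded CSAF fragment is constructed from two amd64 digests on this page; in real use load the full document from the canonical URL in the references. The image reference is assumed to be what a cluster reports for a running pod (for example the `imageID` field of `.status.containerStatuses` via `oc get pods -o jsonpath`, which is digest-pinned on CRI-O; strip any `docker-pullable://` prefix first).

```python
import sys
from urllib.parse import parse_qs, unquote, urlsplit

# CSAF fragment constructed from two of the amd64 digests on this page (RHSA-2026:19595).
# Real use: load the full document from the canonical URL in the advisory references.
CSAF_FRAGMENT = {
    "product_tree": {"branches": [{"category": "vendor", "name": "Red Hat", "branches": [{
        "category": "architecture", "name": "amd64", "branches": [
            {"category": "product_version", "product": {
                "product_id": "rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64",
                "product_identification_helper": {"purl": "pkg:oci/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3?arch=amd64&repository_url=registry.redhat.io/rhbk/keycloak-rhel9&tag=26.2-21"}}},
            {"category": "product_version", "product": {
                "product_id": "rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64",
                "product_identification_helper": {"purl": "pkg:oci/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132?arch=amd64&repository_url=registry.redhat.io/rhbk/keycloak-rhel9-operator&tag=26.2-21"}}},
        ]}]}]},
    "vulnerabilities": [{"cve": "CVE-2026-7307", "product_status": {"fixed": [
        "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64",
        "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64",
    ]}}],
}


def walk_products(branch):
    """Yield (product_id, purl or None) for every product leaf under a CSAF branch."""
    for sub in branch.get("branches", []):
        prod = sub.get("product")
        if prod is not None:
            helper = prod.get("product_identification_helper", {})
            yield prod["product_id"], helper.get("purl")
        yield from walk_products(sub)


def parse_oci_purl(purl):
    """Split pkg:oci/<name>@<digest>?arch=..&repository_url=..&tag=.. into its parts."""
    parts = urlsplit(purl)
    if parts.scheme != "pkg" or not parts.path.startswith("oci/"):
        raise ValueError(f"not an OCI purl: {purl}")
    name, _, digest = parts.path[len("oci/"):].partition("@")
    qs = {k: unquote(v[0]) for k, v in parse_qs(parts.query).items()}
    return {"name": name, "digest": digest, "repository": qs.get("repository_url", ""),
            "tag": qs.get("tag"), "arch": qs.get("arch")}


def fixed_images(csaf, cve):
    """Return the parsed purls that the advisory marks as fixed for one CVE."""
    products = dict(walk_products(csaf["product_tree"]))
    fixed = set()
    for vuln in csaf["vulnerabilities"]:
        if vuln["cve"] != cve:
            continue
        for full_id in vuln["product_status"].get("fixed", []):
            # Relationship ids are "<parent product>:<component product>"; match on the component.
            for component_id, purl in products.items():
                if purl and full_id.endswith(":" + component_id):
                    fixed.add(purl)
    return [parse_oci_purl(p) for p in sorted(fixed)]


def check_image(csaf, cve, image_ref):
    """Classify a deployed image reference against the advisory's fixed set.

    'fixed'        digest-pinned reference matches a fixed digest
    'fixed-by-tag' only the tag matches; tags are mutable, so re-check by digest
    'not-fixed'    the repository is covered but this digest/tag is not in the fixed set
    'not-covered'  the repository is not part of the advisory at all
    """
    repo, sep, digest = image_ref.rpartition("@")
    if not sep:
        repo, digest = image_ref, None
    tag = None
    if ":" in repo.rsplit("/", 1)[-1]:  # "repo:tag" or "repo:tag@digest"
        repo, _, tag = repo.rpartition(":")
    status = "not-covered"
    for img in fixed_images(csaf, cve):
        if img["repository"] != repo:
            continue
        if digest is not None and img["digest"] == digest:
            return "fixed"
        if digest is None and tag is not None and img["tag"] == tag:
            return "fixed-by-tag"
        status = "not-fixed"
    return status


if __name__ == "__main__":
    ref = sys.argv[1] if len(sys.argv) > 1 else \
        "registry.redhat.io/rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3"
    print(ref, "->", check_image(CSAF_FRAGMENT, "CVE-2026-7307", ref))
```

Match on digest wherever possible: a pod that was pulled by the `26.2-21` tag before this erratum can still run an older digest under the same tag, which is why the script reports a tag-only match separately. The same product_tree walk works for the other two CVEs in the document once the full CSAF JSON is loaded, since all three list the same nine images as fixed.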

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "New images are available for Red Hat build of Keycloak 26.2.16 and Red Hat build of Keycloak 26.2.16 Operator, running on OpenShift Container Platform",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.\nRed Hat build of Keycloak Operator for OpenShift simplifies deployment and management of Keycloak 26.2.16 clusters.\n\nThis erratum releases new images for Red Hat build of Keycloak 26.2.16 for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.\n\nSecurity fixes:\n* Denial of Service via specially crafted SAML input (CVE-2026-7307)\n* Session fixation in OIDC login flow that can lead to account takeover (CVE-2026-7507)\n* Open redirect when using wildcard valid redirect URIs in Keycloak (CVE-2026-7504)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:19595",
        "url": "https://access.redhat.com/errata/RHSA-2026:19595"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_19595.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat build of Keycloak 26.2.16 Images Security Update",
    "tracking": {
      "current_release_date": "2026-05-20T16:08:54+00:00",
      "generator": {
        "date": "2026-05-20T16:08:54+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2026:19595",
      "initial_release_date": "2026-05-20T11:23:01+00:00",
      "revision_history": [
        {
          "date": "2026-05-20T11:23:01+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-05-20T11:23:01+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-20T16:08:54+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat build of Keycloak 26.2",
                "product": {
                  "name": "Red Hat build of Keycloak 26.2",
                  "product_id": "9Base-RHBK-26.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:build_keycloak:26.2::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat build of Keycloak"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhbk/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c_arm64",
                "product": {
                  "name": "rhbk/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c_arm64",
                  "product_id": "rhbk/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c?arch=arm64\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9\u0026tag=26.2-21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhbk/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5_arm64",
                "product": {
                  "name": "rhbk/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5_arm64",
                  "product_id": "rhbk/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5?arch=arm64\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9-operator\u0026tag=26.2-21"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhbk/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d_ppc64le",
                "product": {
                  "name": "rhbk/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d_ppc64le",
                  "product_id": "rhbk/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d?arch=ppc64le\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9\u0026tag=26.2-21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhbk/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175_ppc64le",
                "product": {
                  "name": "rhbk/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175_ppc64le",
                  "product_id": "rhbk/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175?arch=ppc64le\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9-operator\u0026tag=26.2-21"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64",
                "product": {
                  "name": "rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64",
                  "product_id": "rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3?arch=amd64\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9\u0026tag=26.2-21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhbk/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d_amd64",
                "product": {
                  "name": "rhbk/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d_amd64",
                  "product_id": "rhbk/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d?arch=amd64\u0026repository_url=registry.redhat.io/rhbk/keycloak-operator-bundle\u0026tag=26.2.16-1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64",
                "product": {
                  "name": "rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64",
                  "product_id": "rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132?arch=amd64\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9-operator\u0026tag=26.2-21"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhbk/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86_s390x",
                "product": {
                  "name": "rhbk/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86_s390x",
                  "product_id": "rhbk/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86?arch=s390x\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9\u0026tag=26.2-21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhbk/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914_s390x",
                "product": {
                  "name": "rhbk/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914_s390x",
                  "product_id": "rhbk/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914?arch=s390x\u0026repository_url=registry.redhat.io/rhbk/keycloak-rhel9-operator\u0026tag=26.2-21"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhbk/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d_amd64 as a component of Red Hat build of Keycloak 26.2",
          "product_id": "9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d_amd64"
        },
        "product_reference": "rhbk/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d_amd64",
        "relates_to_product_reference": "9Base-RHBK-26.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhbk/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175_ppc64le as a component of Red Hat build of Keycloak 26.2",
          "product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175_ppc64le"
        },
        "product_reference": "rhbk/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175_ppc64le",
        "relates_to_product_reference": "9Base-RHBK-26.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64 as a component of Red Hat build of Keycloak 26.2",
          "product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64"
        },
        "product_reference": "rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64",
        "relates_to_product_reference": "9Base-RHBK-26.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhbk/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5_arm64 as a component of Red Hat build of Keycloak 26.2",
          "product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5_arm64"
        },
        "product_reference": "rhbk/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5_arm64",
        "relates_to_product_reference": "9Base-RHBK-26.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhbk/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914_s390x as a component of Red Hat build of Keycloak 26.2",
          "product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914_s390x"
        },
        "product_reference": "rhbk/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914_s390x",
        "relates_to_product_reference": "9Base-RHBK-26.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhbk/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86_s390x as a component of Red Hat build of Keycloak 26.2",
          "product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86_s390x"
        },
        "product_reference": "rhbk/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86_s390x",
        "relates_to_product_reference": "9Base-RHBK-26.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhbk/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d_ppc64le as a component of Red Hat build of Keycloak 26.2",
          "product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d_ppc64le"
        },
        "product_reference": "rhbk/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d_ppc64le",
        "relates_to_product_reference": "9Base-RHBK-26.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64 as a component of Red Hat build of Keycloak 26.2",
          "product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64"
        },
        "product_reference": "rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64",
        "relates_to_product_reference": "9Base-RHBK-26.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhbk/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c_arm64 as a component of Red Hat build of Keycloak 26.2",
          "product_id": "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c_arm64"
        },
        "product_reference": "rhbk/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c_arm64",
        "relates_to_product_reference": "9Base-RHBK-26.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Anchels"
          ]
        }
      ],
      "cve": "CVE-2026-7307",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2026-05-12T16:20:11.587000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2476526"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service (DoS) where the server becomes unavailable.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: Keycloak: Denial of Service via specially crafted SAML input",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is a High severity denial of service vulnerability in Keycloak. An unauthenticated attacker with network access can send specially crafted XML input to the SAML endpoint, causing high CPU utilization and worker thread exhaustion, which renders the Keycloak server unavailable. This directly impacts the availability of Keycloak instances where the SAML protocol is enabled.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d_amd64",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175_ppc64le",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5_arm64",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914_s390x",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86_s390x",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d_ppc64le",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-7307"
        },
        {
          "category": "external",
          "summary": "RHBZ#2476526",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476526"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-7307",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-7307"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-7307",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7307"
        }
      ],
      "release_date": "2026-05-19T10:42:34.560000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-20T11:23:01+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
          "product_ids": [
            "9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175_ppc64le",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5_arm64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914_s390x",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86_s390x",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d_ppc64le",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:19595"
        },
        {
          "category": "workaround",
          "details": "To mitigate this vulnerability, restrict network access to the Keycloak SAML endpoint to trusted networks and clients. Implement firewall rules to limit inbound connections to the Keycloak service port (e.g., 8080) from untrusted sources. If the SAML protocol is not required for your deployment, consider disabling it to eliminate the attack surface. Applying these network restrictions or configuration changes may necessitate a restart or reload of the Keycloak service, which could temporarily affect its availability.",
          "product_ids": [
            "9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175_ppc64le",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5_arm64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914_s390x",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86_s390x",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d_ppc64le",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175_ppc64le",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5_arm64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914_s390x",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86_s390x",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d_ppc64le",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "keycloak: Keycloak: Denial of Service via specially crafted SAML input"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Jo\u00e3o Mendes",
            "Duarte Antunes"
          ],
          "organization": "Intapp"
        }
      ],
      "cve": "CVE-2026-7504",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "discovery_date": "2026-04-30T14:46:59.812530+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2464128"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak\u0027s URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs, potentially leading to the exposure of sensitive information within the domain or facilitating further attacks. This vulnerability specifically affects Keycloak clients configured with a wildcard (*) in the \"Valid Redirect URIs\" field and requires user interaction to be successfully exploited.\n\nThe issue stems from a discrepancy in how Keycloak and the underlying Java URI implementation handle the user-info component of a URL. If a malicious redirect URL is constructed using multiple @ characters in the user-info section, Java\u0027s URI parser fails to extract the user-info, leaving only the raw authority field. Consequently, Keycloak\u0027s validation check fails to detect the malformed user-info, falls back to a wildcard comparison, and incorrectly permits the malicious redirect.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.keycloak/keycloak-services: Open redirect when using wildcard valid redirect URIs in Keycloak",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This Moderate impact flaw in Keycloak allows for open redirection when a client is configured with a wildcard in its Valid Redirect URIs. An attacker could craft a malicious URL that, upon user interaction, bypasses validation and redirects to arbitrary locations within the domain, potentially leading to information disclosure or further attacks. This issue specifically affects deployments where clients utilize wildcard redirect URIs, requiring a specific configuration and user engagement for exploitation.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d_amd64",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175_ppc64le",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5_arm64",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914_s390x",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86_s390x",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d_ppc64le",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-7504"
        },
        {
          "category": "external",
          "summary": "RHBZ#2464128",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464128"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-7504",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-7504"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-7504",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7504"
        }
      ],
      "release_date": "2026-05-19T10:52:12.777000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-20T11:23:01+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
          "product_ids": [
            "9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175_ppc64le",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5_arm64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914_s390x",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86_s390x",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d_ppc64le",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:19595"
        },
        {
          "category": "workaround",
          "details": "To mitigate this vulnerability, Red Hat recommends avoiding the use of wildcard characters in the \"Valid Redirect URIs\" field for clients within Keycloak. Instead, explicitly list all allowed redirect URIs. Review all client configurations to ensure that wildcards are not used unless absolutely necessary, and if used, ensure that the client application is robust against open redirect vulnerabilities. Changes to client configurations in Keycloak may require a restart or reload of the Keycloak service to take effect, which could impact active user sessions.",
          "product_ids": [
            "9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175_ppc64le",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5_arm64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914_s390x",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86_s390x",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d_ppc64le",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175_ppc64le",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5_arm64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914_s390x",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86_s390x",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d_ppc64le",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "org.keycloak/keycloak-services: Open redirect when using wildcard valid redirect URIs in Keycloak"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Hacking Team"
          ],
          "organization": "Calif.io"
        }
      ],
      "cve": "CVE-2026-7507",
      "cwe": {
        "id": "CWE-290",
        "name": "Authentication Bypass by Spoofing"
      },
      "discovery_date": "2026-04-30T14:57:56.441000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2464145"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A session fixation vulnerability was found in Keycloak\u0027s login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting a maliciously crafted link. By leveraging the /login-actions/restart endpoint\u2014which processes session handles without adequate CSRF protection or cookie ownership validation\u2014an attacker can reset the authentication flow state. This causes Single Sign-On (SSO) to authenticate the victim transparently upon clicking the link, allowing the attacker to hijack the required-action form without needing the victim\u0027s credentials. A successful exploit could lead to complete account takeover, including highly privileged administrative accounts.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "org.keycloak/keycloak-services: Session fixation in OIDC login flow that can lead to account takeover",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is a Critical session fixation vulnerability in Keycloak\u0027s login-actions endpoints. An unauthenticated attacker can pre-create an authentication session and, by exploiting a lack of CSRF token or cookie ownership checks on the `/login-actions/restart` endpoint, reset the flow state to achieve silent Single Sign-On (SSO). This allows for full takeover of the master-realm admin account in default Keycloak deployments.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d_amd64",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175_ppc64le",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5_arm64",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914_s390x",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86_s390x",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d_ppc64le",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64",
          "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-7507"
        },
        {
          "category": "external",
          "summary": "RHBZ#2464145",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464145"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-7507",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-7507"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-7507",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7507"
        }
      ],
      "release_date": "2026-05-19T10:51:31.418000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-20T11:23:01+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.",
          "product_ids": [
            "9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175_ppc64le",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5_arm64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914_s390x",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86_s390x",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d_ppc64le",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:19595"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175_ppc64le",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5_arm64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914_s390x",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86_s390x",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d_ppc64le",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHBK-26.2:rhbk/keycloak-operator-bundle@sha256:43a89aece29c0a33128e5a7be4ef26d96956fa125df89e22b183c40e50bb8a1d_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:13d8216c9f47a6f73ea6ea5c9ae7b8b38a89c3822e48eeed7271e50970132175_ppc64le",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:4d2cc26a505eda68f7270c8e8a02d794588f9c7ceec98b763d83e3875f957132_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:88672078ac0b5a0da5b72c11751fa7b0c1c57679ec0f68cb1fe9ba76932397b5_arm64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9-operator@sha256:fa9cebe14d003ae002137462fc5833e5634fd040d8f25a66230da9a753891914_s390x",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:01a56463ad6790cf448e66f59a81c229db4159f42e563a13d19de051ec85ca86_s390x",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:58e692074e695bee04981aff9641db8070ba1a49ee6134fcc008046cd84da21d_ppc64le",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:7861ca2441bed95aab1ad43f9159d5c60b522fe3f43833f1847bd1d3ddef94d3_amd64",
            "9Base-RHBK-26.2:rhbk/keycloak-rhel9@sha256:a9aeb0bc33a3461fe2d407896422719b21b184717956cbcebac0da976a220c1c_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "org.keycloak/keycloak-services: Session fixation in OIDC login flow that can lead to account takeover"
    }
  ]
}
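The CVE-2026-7504 description above turns on a parser discrepancy: a check that rejects a redirect URI only when the URI library reports a userinfo component can be skipped when that library gives up on the authority and reports nothing. The block below is an added example, not Keycloak's code and not Red Hat's. It models the java.net.URI behaviour the advisory describes (first '@' delimits userinfo; if the remainder is not a parseable host the whole authority is kept opaque with host and userinfo both unset), shows the naive check passing a two-'@' URI, and contrasts it with a check that fails closed and an audit helper for the "avoid wildcards outside the path" workaround. The pattern `https://app.example.com*`, the hostnames and all function names are constructed for illustration.

```python
"""Added example (not Keycloak's code): a redirect-URI check that trusts the
parser's userinfo field versus one that fails closed on the raw authority.
The client patterns and every URI below are constructed for illustration."""
import fnmatch
import re
from dataclasses import dataclass
from typing import Optional

# Simplified model of how java.net.URI splits an authority: it looks for the
# FIRST '@', treats what precedes it as userinfo and tries to parse the rest
# as host[:port]. If that host does not parse (a second '@' is one way to make
# it fail), the whole authority is kept verbatim as a "registry-based"
# authority and both getUserInfo() and getHost() come back null.
# Browsers, by contrast, take the LAST '@' as the delimiter, so
# https://app.example.com@x@evil.example/cb navigates to evil.example.
_HOST_RE = re.compile(r"^(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(:\d*)?$")


@dataclass(frozen=True)
class Authority:
    raw: str
    userinfo: Optional[str]
    host: Optional[str]


def parse_authority_java_style(uri: str) -> Authority:
    scheme, sep, rest = uri.partition("://")
    if not sep or not scheme:
        raise ValueError(f"not a hierarchical URI: {uri!r}")
    cut = [i for i in (rest.find(c) for c in "/?#") if i != -1]
    raw = rest[: min(cut)] if cut else rest
    if "@" in raw:
        userinfo, hostport = raw.split("@", 1)
    else:
        userinfo, hostport = None, raw
    match = _HOST_RE.match(hostport)
    if match:
        return Authority(raw, userinfo, match.group(1).lower())
    return Authority(raw, None, None)  # registry-based: nothing extracted


def naive_is_valid(redirect_uri: str, allowed_pattern: str) -> bool:
    """Reject embedded credentials only when the parser reports userinfo,
    then fall back to a textual wildcard match on the whole string."""
    auth = parse_authority_java_style(redirect_uri)
    if auth.userinfo is not None:
        return False
    return fnmatch.fnmatchcase(redirect_uri, allowed_pattern)


def pattern_is_safe(pattern: str) -> bool:
    """Audit helper for client configurations: a wildcard is acceptable only
    in the path. '*', 'https://*' and 'https://app.example.com*' all fail."""
    scheme, sep, rest = pattern.partition("://")
    if not sep or not scheme or "*" in scheme:
        return False
    host, _, _path = rest.partition("/")
    return bool(host) and "*" not in host and "@" not in host


def hardened_is_valid(redirect_uri: str, allowed_pattern: str) -> bool:
    """Fail closed: the pattern must be safe, the parser must have identified
    a host, the raw authority must not contain '@' at all, scheme and
    authority are compared exactly, and the wildcard applies to the path only."""
    if not pattern_is_safe(allowed_pattern):
        return False
    auth = parse_authority_java_style(redirect_uri)
    if auth.host is None or "@" in auth.raw:
        return False
    scheme, _, rest = redirect_uri.partition("://")
    pat_scheme, _, pat_rest = allowed_pattern.partition("://")
    pat_authority, _, pat_path = pat_rest.partition("/")
    path = rest.partition("/")[2]
    return (scheme.lower() == pat_scheme.lower()
            and auth.raw.lower() == pat_authority.lower()
            and fnmatch.fnmatchcase(path, pat_path))


if __name__ == "__main__":
    for uri in ("https://app.example.com/cb",
                "https://app.example.com@evil.example/cb",
                "https://app.example.com@x@evil.example/cb"):
        print(f"{uri:48} naive={naive_is_valid(uri, 'https://app.example.com*')!s:5} "
              f"hardened={hardened_is_valid(uri, 'https://app.example.com/*')}")
```

The point of `hardened_is_valid` is not the regular expression but the failure mode: when the parser cannot name a host, the URI is rejected rather than handed to a string comparison. `pattern_is_safe` is the kind of check to run over every client's Valid Redirect URIs when applying the workaround given in the advisory.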
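The CVE-2026-7507 description names two missing controls on the restart endpoint: no check that the session handle in the request belongs to the caller's own cookie, and no CSRF token. The block below is an added example, not Keycloak's code and not Red Hat's: a toy authentication-session store with a restart handler written both ways, plus a simulation of the fixation sequence the advisory outlines (attacker pre-creates a session, victim follows a crafted link, victim's SSO completes inside the attacker's session). The cookie name `AUTH_SESSION_ID`, the flow step names, the request layout and the client id are hypothetical.

```python
"""Added example (not Keycloak's code): session fixation through a restart
endpoint that trusts a handle from the URL, and the cookie-ownership plus
CSRF check that closes it. All names and the request shape are hypothetical."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Any, Dict, Optional

AUTH_COOKIE = "AUTH_SESSION_ID"  # hypothetical cookie naming the caller's own session


@dataclass
class AuthSession:
    client_id: str
    step: str = "credentials"
    user: Optional[str] = None
    # Per-session CSRF token; only the browser that owns the session ever sees it.
    csrf: str = field(default_factory=lambda: secrets.token_urlsafe(16))


class AuthSessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, AuthSession] = {}

    def create(self, client_id: str) -> str:
        handle = secrets.token_urlsafe(16)
        self._sessions[handle] = AuthSession(client_id)
        return handle

    def get(self, handle: str) -> AuthSession:
        return self._sessions[handle]


def restart_vulnerable(store: AuthSessionStore, request: Dict[str, Any]) -> str:
    """Trusts the handle in the query string: whoever makes the victim load
    ?session=<handle> drives the victim into a session the attacker created."""
    handle = request["query"]["session"]
    store.get(handle).step = "start"
    request["set_cookie"][AUTH_COOKIE] = handle  # victim now continues in that session
    return handle


def restart_hardened(store: AuthSessionStore, request: Dict[str, Any]) -> str:
    """The handle must equal the caller's own cookie and the request must carry
    the CSRF token minted for that session; anything else fails closed."""
    handle = request["query"].get("session")
    own = request["cookies"].get(AUTH_COOKIE)
    if own is None or handle != own:
        raise PermissionError("session handle does not belong to this browser")
    session = store.get(own)
    if not hmac.compare_digest(request["query"].get("csrf", ""), session.csrf):
        raise PermissionError("missing or wrong CSRF token")
    session.step = "start"
    return own


def complete_login(store: AuthSessionStore, handle: str, user: str) -> None:
    """The victim's SSO completes in whatever session their browser is in."""
    session = store.get(handle)
    session.user = user
    session.step = "required-action"


def simulate(restart) -> Optional[str]:
    """Run the fixation sequence against a restart handler and return the user
    the ATTACKER's pre-created session belongs to afterwards (None if the
    handler refused the crafted request)."""
    store = AuthSessionStore()
    attacker_handle = store.create("account-console")
    # Constructed request: the victim follows the attacker's link and has no
    # authentication-session cookie of their own yet.
    victim_request = {"query": {"session": attacker_handle}, "cookies": {}, "set_cookie": {}}
    try:
        handle_in_victim_browser = restart(store, victim_request)
    except PermissionError:
        return None
    complete_login(store, handle_in_victim_browser, "alice")
    return store.get(attacker_handle).user


def legitimate_restart_works() -> bool:
    """The hardened handler still serves a browser restarting its own flow."""
    store = AuthSessionStore()
    handle = store.create("account-console")
    request = {"query": {"session": handle, "csrf": store.get(handle).csrf},
               "cookies": {AUTH_COOKIE: handle}, "set_cookie": {}}
    return restart_hardened(store, request) == handle and store.get(handle).step == "start"


if __name__ == "__main__":
    print("vulnerable restart: attacker's session now belongs to", simulate(restart_vulnerable))
    print("hardened restart:   attacker's session now belongs to", simulate(restart_hardened))
```

Two design choices carry the weight here. The handler derives the session from the caller's cookie and only then compares it with the handle in the URL, so a handle the attacker knows but the victim's browser does not own is useless. The CSRF token is bound to the session rather than global, so a link can only be replayed by the browser that minted it.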

