HIGH 8.1 CVE-2026-2603 Keycloak: Unauthorized authentication via disabled SAML Identity Provider
from 0, < 26.5.5
MEDIUM 4.9 CVE-2026-0871 Keycloak Server Private SPI: Improper Access Control Allows Administrators to Bypass Attribute Visibility Restrictions and Modify Unmanaged User Profile Attributes
from 0, < 26.5.2
MEDIUM 4.8 Cross-site Scripting in keycloak
from 0, < 12.0.0
MEDIUM 4.3 Keycloak: Missing Role Enforcement on UMA 2.0 Permission Ticket Endpoint Leads to Information Disclosure
from 0, < 26.5.6
LOW 3.5 Client Spoofing within the Keycloak Device Authorisation Grant