| CVE |
Severity |
CVSS |
Risk |
Published |
Description |
Impact |
| CVE-2014-3709 |
high |
8.8 |
8.8 |
9y ago |
JBoss Keycloak CSRF Vulnerability |
|
| CVE-2026-2603 |
high |
— |
8.0 |
2mo ago |
Keycloak: Unauthorized authentication via disabled SAML Identity Provider |
|
| CVE-2021-3424 |
high |
— |
8.0 |
4y ago |
Keycloak is vulnerable to IDN homograph attack |
|
| CVE-2025-7365 |
high |
7.1 |
7.1 |
11mo ago |
Keycloak phishing attack via email verification step in first login flow |
|
| CVE-2024-3656 |
unknown |
— |
— |
2y ago |
Keycloak's admin API allows low privilege users to use administrative functions |
|