Keycloak

Security Risk Profile

/100

low

Security Risk Score

Comprehensive risk assessment based on 86 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from September 19, 2014 to present

Total CVEs

Critical+High

Exploited

Unpatched

Threat Assessment

Avg CVSS

5.2

Base severity

Avg EPSS

Exploit probability

Unpatched

Critical/High

Risk Level

27/100

low

📈 26 in Last 30 Days

Severity Distribution

Critical

High

Medium

Low

Exploit Likelihood

>50% chance

20-50%

5-20%

<5%

Age Distribution

Common Weaknesses (CWE)

SSRF

XSS

Path Traversal

CSRF

CRLF Injection

Most Affected Products

1. Keycloak Keycloak77

2. redhat Build Of Keycloak43

3. maven/org.keycloak:keycloak-services19

4. Keycloak keycloak-nodejs-auth-utils11

5. maven/org.keycloak:keycloak-ldap-federation4

Recent Vulnerabilities

See more →

CVE-2026-9801

CVSS 4.9EPSS 0%medium

Keycloak: keycloak: denial of service via malformed ldap password policy response

5/28/2026🔧 No Patch

CVE-2026-9798

CVSS 4.3EPSS 0%medium

Keycloak: keycloak: brute-force protection bypass in ciba flow

5/28/2026🔧 No Patch

CVE-2026-9802

CVSS 6.8EPSS 0%medium

Keycloak: keycloak: unauthorized account access via replayed refresh tokens after cluster restart

CVSS 5.3EPSS 0%medium

Keycloak: keycloak: denial of service via malformed authorization header

CVSS 6.5EPSS 0%medium

Keycloak: keycloak: privilege escalation via time-of-check to time-of-use (toctou) vulnerability

Keycloak: keycloak: privilege escalation via improper scope mapping enforcement

Monitor Keycloak in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free Trial Book a Demo

Keycloak

Security Risk Score

Threat Assessment

Severity Distribution

Exploit Likelihood

Age Distribution

Common Weaknesses (CWE)

Most Affected Products

Recent Vulnerabilities

Monitor Keycloak in Real-Time

Monitor Your Software Stack in Real-Time