- 发布:
- 2026-05-20
- 已更新:
- 2026-05-20
RHSA-2026:19594 - Security Advisory
概述
Important: Red Hat build of Keycloak 26.2.16 Security Update
类型/严重性
Security Advisory: Important
标题
New Red Hat build of Keycloak 26.2.16 packages are available from the Customer Portal
描述
Red Hat build of Keycloak 26.2.16 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.
Security fixes:
- Denial of Service via specially crafted SAML input (CVE-2026-7307)
- Session fixation in OIDC login flow that can lead to account takeover (CVE-2026-7507)
- Open redirect when using wildcard valid redirect URIs in Keycloak (CVE-2026-7504)
解决方案
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
受影响的产品
- Red Hat build of Keycloak Text-only Advisories x86_64
修复
(none)Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/。
