This advisory covers a set of 14 security vulnerabilities in Red Hat build of Keycloak 26.6.3, an integrated sign-on solution deployed as a containerized image on OpenShift. Vulnerabilities include security restriction bypass allowing unauthorized Resource Owner Password Credentials (ROPC) token acquisition (CVE-2026-9792), privilege escalation via oversized JWT tokens (CVE-2026-9704), denial of service through malformed LDAP and Authorization headers (CVE-2026-9801, CVE-2026-9803), information disclosure through SAML ECP endpoint and CORS header injection (CVE-2026-9794, CVE-2026-37977), unauthorized account access via replayed refresh tokens after cluster restart (CVE-2026-9802), and several others involving improper access control and policy bypass. The advisory provides updated container images to address these issues for on-premise or private cloud OpenShift deployments.

The vulnerabilities collectively allow attackers to bypass security restrictions, escalate privileges, cause denial of service conditions, disclose sensitive organizational and user information, gain unauthorized account access, and perform server-side request forgery attacks. These impacts affect authentication and authorization mechanisms, potentially compromising the confidentiality, integrity, and availability of the Keycloak service and its managed identities.

Red Hat has released updated container images for Red Hat build of Keycloak 26.6.3 that address these vulnerabilities. Users should back up their existing installations, including applications, configurations, and databases, before applying the update. Applying the updated images is the recommended remediation. No additional mitigations or workarounds are specified in the advisory.