This advisory covers a set of security vulnerabilities in Red Hat build of Keycloak 26.4.12, an integrated sign-on solution deployed as a containerized image on OpenShift. The vulnerabilities include denial of service via crafted SAML input (CVE-2026-7307), information disclosure through the evaluate-scopes Admin API (CVE-2026-37978), unauthorized account takeover via WebAuthn token replay (CVE-2026-37982), information disclosure through OIDC token introspection endpoint audience bypass (CVE-2026-37979), access token disclosure and implicit flow bypass via forged client data (CVE-2026-7571), session fixation in OIDC login flow leading to account takeover (CVE-2026-7507), open redirect issues with wildcard redirect URIs (CVE-2026-7504), information disclosure via broken access control in user lookup endpoint (CVE-2026-37981), and unauthorized resource access and data modification via insecure direct object reference (CVE-2026-4630). These vulnerabilities collectively impact authentication, authorization, and session management components of Keycloak.

The vulnerabilities could allow attackers to cause denial of service, disclose sensitive information, take over user accounts, bypass access controls, and perform unauthorized resource access and modification. This compromises the confidentiality, integrity, and availability of authentication services and user data managed by Keycloak in OpenShift environments.

Red Hat has released updated container images for Red Hat build of Keycloak 26.4.12 and its Operator to address these vulnerabilities. Users should back up their existing installations and apply the updated images as provided by Red Hat. Since this is not a cloud service, remediation requires user action to deploy the updated images. Patch status is confirmed by the vendor advisory. No indication of 'no action required' or 'already mitigated' is stated, so applying the update is necessary.