Red Hat Security Advisory: Red Hat build of Keycloak 26.2.9 Images Security Update
This security advisory addresses vulnerabilities in the Red Hat build of Keycloak 26.2.9 images used within the OpenShift Container Platform. The update fixes three issues: variable injection into environment variables (CVE-2025-9162), an incomplete fix of a prior vulnerability (CVE-2025-10043), and error_description injection on error pages (CVE-2025-10044). These vulnerabilities could allow injection attacks affecting the authentication and error-handling components. The advisory provides new container images aligned with the standalone Keycloak 26.2.9 release for on-premise or private cloud deployments.
AI Analysis
Technical Summary
Red Hat has released updated container images for the Red Hat build of Keycloak 26.2.9 and its Operator for OpenShift to address three security vulnerabilities. CVE-2025-9162 involves variable injection into environment variables, which could lead to unintended environment manipulation. CVE-2025-10043 is an incomplete fix of a previous vulnerability (CVE-2024-10492), indicating residual risk from the earlier issue. CVE-2025-10044 concerns injection of error_description content on error pages, potentially enabling injection attacks such as cross-site scripting. These issues affect the authentication server functionality provided by Keycloak within OpenShift Container Platform. The advisory recommends updating to the new images to mitigate these vulnerabilities.
Potential Impact
The vulnerabilities allow injection attacks that could compromise environment variables or inject malicious content into error pages, potentially impacting authentication flows and user session management. This could lead to unauthorized manipulation of authentication behavior or exposure of sensitive information via error messages. The incomplete fix of a prior vulnerability suggests that some risk remained until this update. However, no known exploits in the wild have been reported at this time.
Mitigation Recommendations
Red Hat has released updated container images for Keycloak 26.2.9 and its Operator that address these vulnerabilities. Users should back up their existing installations, including applications, configurations, and databases, before applying the update. Deploying the updated images is the recommended remediation. No alternative mitigations or workarounds are specified. Patch status is confirmed by the vendor advisory indicating new images are available.
Technical Details
- GCVE Source: db.gcve.eu
- CSAF Category: csaf_security_advisory
- CSAF Version: 2.0
- Publisher: Red Hat Product Security
- Advisory ID: RHSA-2025:16400
- CVE Count: 3
- Additional CVEs: CVE-2025-10043, CVE-2025-10044
- CVSS Version: not provided
Threat ID: 6a419cb427e9c79719abc975
Added to database: 06/28/2026, 22:14:12 UTC
Last enriched: 06/28/2026, 22:29:06 UTC
Last updated: 07/01/2026, 12:51:10 UTC