New images are available for Red Hat build of Keycloak 26.0.11 and Red Hat
 build of Keycloak 26.0.11 Operator, running on OpenShift Container Platform

Red Hat build of Keycloak is an integrated sign-on solution, available as a Red
 Hat JBoss Middleware for OpenShift containerized image. The Red Hat build of Keycloak for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.
Red Hat build of Keycloak Operator for OpenShift simplifies deployment and
 management of Keycloak 26.0.11 clusters.
This erratum releases new images for Red Hat build of Keycloak 26.0.11 for use
 within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.

Security fixes:
* JWT Token Cache Exhaustion Leading to Denial of Service (DoS) in Keycloak
* Keycloak hostname verification
* Two factor authentication bypass

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2025-2559: Allocation of Resources Without Limits or Throttling (CWE-770)
CVE-2025-3501: Improper Validation of Certificate with Host Mismatch (CWE-297)
CVE-2025-3910: Improper Authentication (CWE-287)