Red Hat build of Keycloak
cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*
- < 26.0.8
A denial-of-service vulnerability exists in Keycloak that allows an administrative user with the authority to change realm settings to disrupt service. The attacker edits one of the realm's configurable security headers (the per-realm HTTP response headers set under the realm's Security Defenses settings) and inserts newline characters into the value. When Keycloak later emits the tampered header, the server continues processing a request that has already been terminated, and that request fails. As a result, users of applications that rely on Keycloak, and of the administrative consoles within the affected realm, may be unable to complete requests.
Exploitation produces a denial-of-service condition on the Keycloak server, disrupting authentication and authorization for users and applications that depend on it. Because the trigger is a change to realm settings, the attacker must already hold administrative rights over the realm: this is an abuse of a privileged position, not an unauthenticated attack.
Upgrade to Red Hat build of Keycloak 26.0.8 or later, which addresses this vulnerability. Instructions for applying this update are available on the Red Hat Customer Portal.
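As an added example (not code from this page or from the Keycloak project), the following Python script audits a realm export for the condition described in the vulnerability text: security header values that embed CR or LF characters, which HTTP forbids inside a header field value. It also checks a reported version against the 26.0.8 fix boundary named in the remediation. The realm export is constructed for this example; the `browserSecurityHeaders` field name and the header keys beneath it are assumed to match Keycloak's realm representation, and the realm name `example` is hypothetical.

```python
import json
import re
from typing import List, Tuple

# Constructed sample realm export for this example (the realm name is hypothetical).
# "browserSecurityHeaders" is assumed to be the realm-representation field that
# carries the per-realm security headers. Two values deliberately contain CR/LF
# so the audit has something to find.
SAMPLE_REALM_EXPORT = json.dumps({
    "realm": "example",
    "browserSecurityHeaders": {
        "xFrameOptions": "SAMEORIGIN",
        "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
        "xContentTypeOptions": "nosniff",
        "strictTransportSecurity": "max-age=31536000; includeSubDomains\r\nX-Injected: 1",
        "referrerPolicy": "no-referrer\n",
    },
})

# A header field value may not contain a bare CR or LF; a value carrying one is
# the trigger the advisory describes.
_CRLF = re.compile(r"[\r\n]")

# Versions below this are affected according to the advisory.
FIXED_VERSION = (26, 0, 8)


def header_value_is_valid(value: str) -> bool:
    """True when the value contains no CR or LF characters."""
    return _CRLF.search(value) is None


def audit_realm_export(export_json: str) -> List[Tuple[str, str]]:
    """Return (header_name, repr(value)) for each security header that embeds CR/LF.

    Intended as a sweep over realm exports before or after upgrading, to confirm
    that no administrator has already stored such a value in a realm.
    """
    realm = json.loads(export_json)
    headers = realm.get("browserSecurityHeaders") or {}
    return [
        (name, repr(value))
        for name, value in headers.items()
        if isinstance(value, str) and not header_value_is_valid(value)
    ]


def parse_version(version: str) -> Tuple[int, ...]:
    """Reduce a version string such as '26.0.8' to (major, minor, patch).

    Only the first three numeric components are used; anything after them
    (build qualifiers, suffixes) is ignored, and missing components are padded with 0.
    """
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    nums += [0] * (3 - len(nums))
    return tuple(nums)


def is_affected_version(version: str) -> bool:
    """True for any version below the 26.0.8 fix."""
    return parse_version(version) < FIXED_VERSION


if __name__ == "__main__":
    for name, value in audit_realm_export(SAMPLE_REALM_EXPORT):
        print(f"CR/LF found in security header {name}: {value}")
    print("26.0.7 affected:", is_affected_version("26.0.7"))
```

To run this against a real deployment, feed `audit_realm_export` the JSON of each realm as written by a Keycloak realm export (or as returned by the admin REST API's realm representation) and treat any finding as a configuration to correct before, or immediately after, applying the 26.0.8 update.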