Primary

Context

Keycloak Denial-of-Service Vulnerability via Excessive SAMLRequest Decompression

Vulnerability

Patched

A denial-of-service vulnerability has been identified in Keycloak. An unauthenticated remote attacker can exploit this issue by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server does not properly enforce size limits during the DEFLATE decompression process, which leads to an OutOfMemoryError and causes the application to terminate. This vulnerability disrupts the availability of the service.

Impact

Exploitation of this vulnerability causes the Keycloak server process to run out of memory and terminate, disrupting authentication services and user management capabilities.

Remediation

Users can upgrade to the Red Hat build of Keycloak 26.4.10, which addresses this vulnerability. Instructions for downloading this version are available on the Red Hat Customer Portal.

Added: Mar 18, 2026, 4:25 AM

Updated: Mar 18, 2026, 4:25 AM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

8.3

remediation

7.7

relevance

4.3

threat

0.0

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

2.5

exploitability

8.3

remediation

7.7

relevance

4.3

threat

0.0

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Keycloak Denial-of-Service Vulnerability via Excessive SAMLRequest Decompression

Vulnerability

Impact

Remediation

Affected Products

Red Hat build of Keycloak

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating