logo

Database

Insecure functionality In org.keycloak:keycloak-services

Description

Keycloak: Application-Level DoS via Scope Processing A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to high resource consumption and prolonged processing times, ultimately resulting in a Denial of Service (DoS) for the Keycloak server.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2026-46342. NVD-2026-46343. OSV-2026-46344. GCVE-2026-46345. access.redhat.com6. access.redhat.com7. access.redhat.com8. access.redhat.com9. ACCESS-CVE-2026-4634

References

1. https://github.com/keycloak/keycloak/issues/477162. https://github.com/keycloak/keycloak/commit/b455ee4f28abb6f2120aff72fd179589cc5267a03. https://bugzilla.redhat.com/show_bug.cgi?id=2450250

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.