logo

Database

Excessive privileges In org.keycloak:keycloak-saml-adapter-core

Description

Keycloak: Denial of Service due to excessive SAMLRequest decompression A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryError (OOM) and subsequent process termination. This vulnerability allows an attacker to disrupt the availability of the service.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2026-25752. NVD-2026-25753. OSV-2026-25754. GCVE-2026-25755. access.redhat.com6. access.redhat.com7. ACCESS-CVE-2026-2575

References

1. https://github.com/keycloak/keycloak/issues/463722. https://github.com/keycloak/keycloak/commit/4f90ef67f698dfb45df0d2f4981271a7c8b47f043. https://bugzilla.redhat.com/show_bug.cgi?id=2440149

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.