HIGHCVE-2026-4634Published Modified CNA redhat
CVE-2026-4634: Keycloak: keycloak: denial of service via excessive processing of openid connect scope parameters
A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to high resource consumption and prolonged processing times, ultimately resulting in a Denial of Service (DoS) for the Keycloak server.
Metrics
- CVSS v3.1
- 7.5
- Severity
- HIGH
- Fixed in
- 26.2.15-1
- Affected Products
- 8
Fix available
26.2.15-126.2-1826.4.11-126.4-14
Affected packages
- Red Hat / Red Hat build of Keycloak 26.2Fixed in 26.2.15-1
- Red Hat / Red Hat build of Keycloak 26.2Fixed in 26.2-18
- Red Hat / Red Hat build of Keycloak 26.2Fixed in 26.2-18
- Red Hat / Red Hat build of Keycloak 26.2.15
- Red Hat / Red Hat build of Keycloak 26.4Fixed in 26.4.11-1
- Red Hat / Red Hat build of Keycloak 26.4Fixed in 26.4-14
- Red Hat / Red Hat build of Keycloak 26.4Fixed in 26.4-14
- Red Hat / Red Hat build of Keycloak 26.4.11
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H