GHSA-p5mv-gj8j-xqgfHighCVSS 7.5

Keycloak: Denial of Service via specially crafted SAML input

Published
May 19, 2026
Last Modified
June 4, 2026

🔗 CVE IDs covered (1)

📋 Description

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service (DoS) where the server becomes unavailable.

🎯 Affected products1

  • maven/org.keycloak:keycloak-saml-core:< 26.6.2

🔗 References (11)