Red Hat Security Advisory: Red Hat build of Keycloak 26.4.10 Update
🔗 CVE IDs covered (8)
📋 Description
CVE-2026-0707 — keycloak: Keycloak Authorization Header Parsing Leading to Potential Security Control Bypass CVE-2026-1190 — org.keycloak/keycloak-services: Keycloak SAML brokering: Response delay due to unchecked NotOnOrAfter in SubjectConfirmationData CVE-2026-2092 — keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions CVE-2026-2575 — keycloak: Keycloak: Denial of Service due to excessive SAMLRequest decompression CVE-2026-2603 — keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity Provider CVE-2026-2733 — org.keycloak/keycloak-services: Keycloak: Missing Check on Disabled Client for Docker Registry Protocol CVE-2026-3009 — org.keycloak/keycloak-services: Improper Enforcement of Disabled Identity Provider in IdentityBrokerService (Authentication Bypass) CVE-2026-3047 — org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login