RHSA-2026:3948HighCVSS 8.8

Red Hat Security Advisory: Red Hat build of Keycloak 26.4.10 Images Update

Published
March 5, 2026
Last Modified
June 8, 2026

🔗 CVE IDs covered (8)

📋 Description

CVE-2026-0707 — keycloak: Keycloak Authorization Header Parsing Leading to Potential Security Control Bypass CVE-2026-1190 — org.keycloak/keycloak-services: Keycloak SAML brokering: Response delay due to unchecked NotOnOrAfter in SubjectConfirmationData CVE-2026-2092 — keycloak-services: Keycloak: Unauthorized access via improper validation of encrypted SAML assertions CVE-2026-2575 — keycloak: Keycloak: Denial of Service due to excessive SAMLRequest decompression CVE-2026-2603 — keycloak: Keycloak: Unauthorized authentication via disabled SAML Identity Provider CVE-2026-2733 — org.keycloak/keycloak-services: Keycloak: Missing Check on Disabled Client for Docker Registry Protocol CVE-2026-3009 — org.keycloak/keycloak-services: Improper Enforcement of Disabled Identity Provider in IdentityBrokerService (Authentication Bypass) CVE-2026-3047 — org.keycloak.broker.saml: Keycloak SAML broker: Authentication bypass due to disabled SAML client completing IdP-initiated login

🔗 References (3)