CVE-2026-2575
5.3 MEDIUMA flaw was found in Keycloak
Published: 2026-03-18 · Last updated: 2026-06-03
Severity and scoring
- CVSS
- 5.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- CWE
- CWE-409
Affected products
| Vendor | Product |
|---|---|
| redhat | build_of_keycloak |
Description
A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryError (OOM) and subsequent process termination. This vulnerability allows an attacker to disrupt the availability of the service.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-2575
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:3947
- [Vendor advisory]https://access.redhat.com/errata/RHSA-2026:3948
- [Vendor advisory]https://access.redhat.com/security/cve/CVE-2026-2575
- [Vendor advisory]https://bugzilla.redhat.com/show_bug.cgi?id=2440149
Related CVEs
Same vendor
- CVE-2026-50259 — A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland (7.8 HIGH)
- CVE-2026-50258 — A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland (7.8 HIGH)
- CVE-2026-50257 — A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence() (7.8 HIGH)
- CVE-2026-50256 — A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland (7.8 HIGH)
- CVE-2026-1784 — The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy (8.8 HIGH)
Same CWE
- CVE-2026-49755 — Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in wojtekmach Req allows attacker-controlled HTTP servers ...
- CVE-2026-10725 — Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb (7.5 HIGH)
- CVE-2026-48594 — Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-tesla tesla allows a denial of service via decom...
- CVE-2026-44697 — Klever-Go is the Go implementation of the Klever blockchain protocol (8.6 HIGH)
- CVE-2026-8814 — Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due t... (5.3 MEDIUM)