VYPR

Maven package

org.keycloak/keycloak-quarkus-dist

pkg:maven/org.keycloak/keycloak-quarkus-dist

Vulnerabilities (2)

  • CVE-2025-11419 | High | Dec 23, 2025
    affected < 26.0.16 | fixed 26.0.16

    A flaw was found in Keycloak. This vulnerability allows an unauthenticated remote attacker to cause a denial of service (DoS) by repeatedly initiating TLS 1.2 client-initiated renegotiation requests to exhaust server CPU resources, making the service unavailable.

  • CVE-2025-11538 | Medium | Nov 13, 2025
    affected < 26.4.4 | fixed 26.4.4

    A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug) insecurely defaults to binding the Java Debug Wire Protocol (JDWP) port to all network interfaces (0.0.0.0). This exposes the debug port to the local network, allowing an attacker