VYPR

Maven package

org.keycloak/keycloak-saml-adapter-core

pkg:maven/org.keycloak/keycloak-saml-adapter-core

Vulnerabilities (3)

  • CVE-2026-2575 (Med), Mar 18, 2026
    affected < 26.5.4, fixed 26.5.4

    A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to

  • CVE-2026-2092, Mar 18, 2026
    affected < 26.2.14, fixed 26.2.14

    A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious

  • CVE-2018-10894 (Med), Aug 1, 2018
    affected < 4.4.0.Final, fixed 4.4.0.Final

    It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.