VYPR

Maven package

org.keycloak/keycloak-saml-core

pkg:maven/org.keycloak/keycloak-saml-core

Vulnerabilities (4)

  • CVE-2026-2575  Severity: Medium  Published: Mar 18, 2026
    affected < 26.5.4; fixed 26.5.4

    A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to

  • CVE-2026-2092  Published: Mar 18, 2026
    affected >= 26.3.0, < 26.4.10; fixed 26.4.10

    A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language (SAML) broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious

  • CVE-2024-8698  Severity: High  Published: Sep 19, 2024
    affected < 22.0.13; fixed 22.0.13

    A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather

  • CVE-2021-3827  Published: Aug 23, 2022
    affected < 18.0.0; fixed 18.0.0

    A flaw was found in Keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's cr
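The CVE-2026-2575 entry above describes the classic decompression-bomb shape of the SAML Redirect Binding: the SAMLRequest parameter is base64(raw-DEFLATE(xml)), so the server must inflate attacker-controlled bytes before it can parse, let alone verify, the request. The following is an added example, not code from this page or from Keycloak, showing the unbounded inflate beside a capped one driven by zlib's `max_length`/`unconsumed_tail` loop. The endpoint URL, the sample AuthnRequest, the 4 MiB bomb body and both size caps are constructed for the demo and are not values taken from Keycloak.

```python
"""Bounded inflation of a SAML Redirect Binding SAMLRequest (illustration, not Keycloak code).

The Redirect Binding carries base64(raw-DEFLATE(xml)) in the SAMLRequest query
parameter, so the server inflates attacker-chosen input before it can parse or
verify anything. Without an output cap a few kilobytes expand into whatever the
attacker likes; the caps below are example values chosen for this demo."""
import base64
import zlib
from urllib.parse import parse_qs, quote, urlsplit

MAX_ENCODED_LEN = 16 * 1024   # base64 bytes accepted from the URL (example value)
MAX_INFLATED_LEN = 64 * 1024  # XML bytes produced by inflation (example value)


class SamlRequestTooLarge(ValueError):
    pass


def inflate_naive(raw: bytes) -> bytes:
    """The unsafe pattern: output is as large as the stream says it is."""
    return zlib.decompress(raw, -15)


def inflate_bounded(raw: bytes, limit: int = MAX_INFLATED_LEN) -> bytes:
    """Inflate raw DEFLATE (wbits=-15) while never holding more than `limit`
    bytes of output. max_length makes zlib stop early and park the unprocessed
    input in unconsumed_tail, so the loop keeps feeding it until the stream
    ends or the cap is exceeded."""
    d = zlib.decompressobj(-15)
    out = bytearray()
    data = raw
    while True:
        # ask for at most limit+1 bytes in total: one byte over is enough to reject
        piece = d.decompress(data, limit + 1 - len(out))
        out += piece
        if len(out) > limit:
            raise SamlRequestTooLarge(f"inflated SAMLRequest exceeds {limit} bytes")
        if d.eof:
            return bytes(out)
        data = d.unconsumed_tail
        if not data and not piece:
            raise ValueError("truncated DEFLATE stream")


def decode_redirect_binding(url: str, inflate=inflate_bounded) -> bytes:
    """Pull SAMLRequest out of a Redirect Binding URL and return the XML bytes."""
    params = parse_qs(urlsplit(url).query)
    encoded = params.get("SAMLRequest", [""])[0]
    if not encoded:
        raise ValueError("missing SAMLRequest parameter")
    if len(encoded) > MAX_ENCODED_LEN:  # cheap first line of defence, before base64
        raise SamlRequestTooLarge("SAMLRequest parameter too long")
    raw = base64.b64decode(encoded, validate=True)
    return inflate(raw)


def encode_redirect_binding(xml: bytes, endpoint: str = "https://idp.example/saml") -> str:
    """Build the URL the way a service provider would; used here to construct inputs."""
    co = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = co.compress(xml) + co.flush()
    return f"{endpoint}?SAMLRequest={quote(base64.b64encode(raw).decode(), safe='')}"


# Constructed sample inputs (endpoint and request content are made up).
LEGIT_REQUEST = (b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
                 b'ID="_a1" Version="2.0" IssueInstant="2026-03-18T00:00:00Z"/>')
BOMB_BODY = b"A" * (4 * 1024 * 1024)  # 4 MiB of one byte deflates to a few KiB


def demo() -> dict:
    good = decode_redirect_binding(encode_redirect_binding(LEGIT_REQUEST))
    bomb_url = encode_redirect_binding(BOMB_BODY)
    # the bomb passes the cheap length cap, so the inflate cap is the only defence
    naive_len = len(decode_redirect_binding(bomb_url, inflate=inflate_naive))
    try:
        decode_redirect_binding(bomb_url)
        bomb_blocked = False
    except SamlRequestTooLarge:
        bomb_blocked = True
    return {"good": good, "bomb_url_len": len(bomb_url),
            "naive_len": naive_len, "bomb_blocked": bomb_blocked}


if __name__ == "__main__":
    print(demo())
```

The cap on the encoded parameter alone is not enough: the bomb URL is only a few kilobytes long, well inside that cap, and still inflates to 4 MiB on the naive path. The inflate loop stops after `limit + 1` bytes of output regardless of what the stream would expand to, which is the property the advisory says the affected versions lacked.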
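The CVE-2024-8698 entry above turns on how a verifier decides which element a SAML signature covers. XML Signature binds a signature to its data through the ds:Reference URI, and the SAML profile requires an enveloped signature with a single same-document Reference naming the ID of the assertion or message that encloses it; inferring the scope from where the ds:Signature element happens to sit in the tree is what the advisory describes as the flaw. The following is an added example, not code from this page or from Keycloak's XMLSignatureUtil, contrasting a position heuristic with Reference resolution on two constructed documents (a normally signed assertion and the same signature moved up under the Response). Only the scoping decision is shown; cryptographic verification is omitted, and the digest and signature values in the samples are placeholders.

```python
"""Deciding what an enveloped XML signature covers from its ds:Reference rather
than from where the ds:Signature element sits (illustration, not Keycloak's
XMLSignatureUtil). Only the scoping decision is shown; cryptographic
verification of the signature is a separate step that is omitted here."""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def local_name(tag: str) -> str:
    return tag.rsplit("}", 1)[-1]


def scope_by_position(sig, root, parents) -> str:
    """The fragile heuristic: a signature directly under the root is taken to
    sign the whole response, anything else is taken to sign an assertion."""
    return "response" if parents[sig] is root else "assertion"


def scope_by_reference(sig, root):
    """Resolve the single same-document ds:Reference to exactly one element by ID.
    SAML requires a signature to carry one Reference naming the ID of the
    assertion or message it is enveloped in; anything else is rejected."""
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1:
        raise ValueError(f"expected exactly one ds:Reference, found {len(refs)}")
    uri = refs[0].get("URI", "")
    if not uri.startswith("#") or len(uri) < 2:
        raise ValueError(f"expected a fragment reference (#ID), got {uri!r}")
    matches = [e for e in root.iter() if e.get("ID") == uri[1:]]
    if len(matches) != 1:  # duplicate IDs are a classic wrapping trick
        raise ValueError(f"ID {uri[1:]!r} must identify exactly one element, found {len(matches)}")
    return matches[0]


def classify(xml: str) -> list:
    """For every signature report what the position heuristic says, what the
    Reference says, and whether the two agree (the referenced element must be
    the element that encloses the signature)."""
    root = ET.fromstring(xml)
    parents = {child: parent for parent in root.iter() for child in parent}
    out = []
    for sig in root.iter(f"{{{NS['ds']}}}Signature"):
        covered = scope_by_reference(sig, root)
        out.append({
            "by_position": scope_by_position(sig, root, parents),
            "by_reference": local_name(covered.tag),
            "enveloped_by_signed_element": covered is parents[sig],
        })
    return out


def signed_ids(xml: str) -> set:
    """IDs an application may treat as signed: only elements whose signature is
    enveloped in them. Raises instead of guessing when a signature is misplaced."""
    root = ET.fromstring(xml)
    parents = {child: parent for parent in root.iter() for child in parent}
    ids = set()
    for sig in root.iter(f"{{{NS['ds']}}}Signature"):
        covered = scope_by_reference(sig, root)
        if covered is not parents[sig]:
            raise ValueError("ds:Signature is not enveloped in the element its Reference names")
        ids.add(covered.get("ID"))
    return ids


def accepts(xml: str) -> bool:
    """True iff every signature in the document is correctly scoped."""
    try:
        signed_ids(xml)
        return True
    except ValueError:
        return False


# Constructed samples: digest and signature values are placeholders.
SIGNATURE = """<ds:Signature>
    <ds:SignedInfo><ds:Reference URI="#{ref}"><ds:DigestValue>AAAA</ds:DigestValue></ds:Reference></ds:SignedInfo>
    <ds:SignatureValue>AAAA</ds:SignatureValue>
  </ds:Signature>"""
RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_response" Version="2.0">
  {in_response}
  <saml:Assertion ID="_assertion" Version="2.0">
    <saml:Issuer>https://idp.example</saml:Issuer>
    {in_assertion}
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""
# Normal: the assertion carries its own enveloped signature.
WELL_FORMED = RESPONSE.format(in_response="", in_assertion=SIGNATURE.format(ref="_assertion"))
# Misplaced: a signature that only references the assertion is moved up under the
# Response, where a position-based check would credit it with signing everything.
MISPLACED = RESPONSE.format(in_response=SIGNATURE.format(ref="_assertion"), in_assertion="")

if __name__ == "__main__":
    print(classify(WELL_FORMED), signed_ids(WELL_FORMED))
    print(classify(MISPLACED), accepts(MISPLACED))
```

On the misplaced document the position heuristic reports "response" while the Reference resolves to the Assertion only, so the Response element (and anything an attacker adds to it) was never covered by the digest. Resolving the Reference first, insisting on exactly one matching ID, and then requiring the signature to be enveloped in that element removes the ambiguity before any bytes are hashed; the same ID-uniqueness check is also the usual defence against signature-wrapping variants.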