CVE-2026-2575 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLReq…
Medium CVSS: 5.3

CVE-2026-2575

A flaw was found in Keycloak. An unauthenticated remote attacker can trigger an application level Denial of Service (DoS) by sending a highly compressed SAMLRequest through the SAML Redirect Binding. The server fails to enforce size limits during DEFLATE decompression, leading to an OutOfMemoryError (OOM) and subsequent process termination. This vulnerability allows an attacker to disrupt the availability of the service.
Vendor
-
Product
-
CWE
CWE-409
Yayın Tarihi
2026-03-18 04:17:16
Güncelleme
2026-03-18 14:52:44
Source Identifier
secalert@redhat.com
KEV Date Added
-

Kategoriler

CWE-409 MEDIUM 2026

Referanslar

https://access.redhat.com/errata/RHSA-2026:3947 https://access.redhat.com/errata/RHSA-2026:3948 https://access.redhat.com/security/cve/CVE-2026-2575 https://bugzilla.redhat.com/show_bug.cgi?id=2440149