Endor Patches | CVE-2026-4634, Keycloak: Application-Level DoS via Scope Processing – Endor Labs


Book a short call with one of our specialists; we'll walk you through how Endor Patches work and ask you a few questions about your environment (such as your primary programming languages and repository management). We'll also send you an email right after you fill out the form; feel free to reply with any questions you have in advance.
A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to high resource consumption and prolonged processing times, ultimately resulting in a Denial of Service (DoS) for the Keycloak server.
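As an added defensive example (not Keycloak's code and not the upstream fix), the following gate bounds the scope parameter of a token request before any per-scope processing runs, so an oversized value is rejected at constant, predictable cost. The limits, function names and sample request bodies are assumptions constructed for this illustration.

```python
import re
from urllib.parse import parse_qs

# Assumed limits for this example; tune for your deployment. They are not
# Keycloak's own settings and are not the values used in the upstream fix.
MAX_SCOPE_PARAM_LENGTH = 1024   # bytes of the raw scope parameter
MAX_SCOPE_TOKENS = 32           # number of space-separated scope tokens

# scope-token character set from RFC 6749 section 3.3
SCOPE_TOKEN_RE = re.compile(r"^[\x21\x23-\x5b\x5d-\x7e]+$")


def check_scope(scope: str) -> tuple[bool, str]:
    """Cheap O(n) checks to run before any per-scope lookup.

    Returns (accepted, normalized_scope_or_reason). Length and count are
    checked first so an oversized parameter never reaches the expensive
    resolution of client scopes.
    """
    if not scope:
        return True, ""            # scope is optional in RFC 6749
    if len(scope.encode("utf-8")) > MAX_SCOPE_PARAM_LENGTH:
        return False, "scope parameter too long"
    tokens = scope.split(" ")
    if len(tokens) > MAX_SCOPE_TOKENS:
        return False, "too many scope tokens"
    for tok in tokens:
        if not SCOPE_TOKEN_RE.match(tok):
            return False, f"invalid scope token: {tok!r}"
    # Duplicates only inflate downstream work; collapse them, keeping order.
    return True, " ".join(dict.fromkeys(tokens))


def check_token_request(body: str) -> tuple[bool, str]:
    """Parse a form-encoded token request body and gate its scope parameter."""
    params = parse_qs(body, keep_blank_values=True)
    scopes = params.get("scope", [])
    if not scopes:
        return True, ""
    if len(scopes) > 1:
        return False, "scope parameter repeated"
    return check_scope(scopes[0])


# Constructed sample bodies: a normal request and one that exceeds the limit.
NORMAL_BODY = "grant_type=client_credentials&client_id=demo&scope=openid+profile+email"
OVERSIZED_BODY = "grant_type=client_credentials&client_id=demo&scope=" + "+".join(
    f"s{i}" for i in range(5000))

if __name__ == "__main__":
    print(check_token_request(NORMAL_BODY))     # (True, 'openid profile email')
    print(check_token_request(OVERSIZED_BODY))  # (False, 'scope parameter too long')
```

The same length and count limits can be enforced at a reverse proxy in front of the token endpoint, which keeps the oversized request from reaching the server process at all.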
References:
https://nvd.nist.gov/vuln/detail/CVE-2026-4634
https://github.com/keycloak/keycloak/issues/47716
https://github.com/keycloak/keycloak/commit/b455ee4f28abb6f2120aff72fd179589cc5267a0
https://access.redhat.com/errata/RHSA-2026:6475
https://access.redhat.com/errata/RHSA-2026:6476
https://access.redhat.com/errata/RHSA-2026:6477
https://access.redhat.com/errata/RHSA-2026:6478
https://access.redhat.com/security/cve/CVE-2026-4634
https://bugzilla.redhat.com/show_bug.cgi?id=2450250
https://github.com/keycloak/keycloak
