PatchSiren cyber security CVE debrief
CVE-2026-4634 Red Hat CVE debrief
CVE-2026-4634 is a high-severity vulnerability in Keycloak that can lead to a Denial of Service (DoS) condition. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to high resource consumption and prolonged processing times, ultimately resulting in a DoS for the Keycloak server. The vulnerability has a CVSS score of 7.5 and is considered high severity. Keycloak is an open-source identity and access management solution. The CVE was published on April 2, 2026, and last modified on June 30, 2026.
- Vendor: Red Hat
- Product: Red Hat build of Keycloak 26.2
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-02
- Original CVE updated: 2026-06-30
- Advisory published: 2026-04-02
- Advisory updated: 2026-06-30
Who should care
Organizations using Keycloak for identity and access management should prioritize patching this vulnerability to prevent potential DoS attacks. Security teams and administrators responsible for Keycloak deployments should be aware of it and take the actions needed to mitigate the risk. Developers and DevOps teams involved in deploying and maintaining Keycloak instances should also be informed.
Technical summary
The vulnerability exists in the OpenID Connect (OIDC) token endpoint of Keycloak. An attacker can send a specially crafted POST request with an excessively long scope parameter, leading to high resource consumption and prolonged processing times. This results in a Denial of Service (DoS) condition for the Keycloak server. The vulnerability has a CVSS score of 7.5 and is considered high severity. The Common Weakness Enumeration (CWE) associated with this vulnerability is CWE-1050.
Defensive priority
High priority should be given to patching this vulnerability to prevent potential DoS attacks. Security teams should work closely with administrators and developers to ensure timely patching of affected Keycloak instances.
Recommended defensive actions
- Apply patches or updates provided by the vendor to vulnerable Keycloak instances.
- Implement compensating controls, such as rate limiting or IP blocking, to mitigate the risk of exploitation.
- Monitor Keycloak instances for suspicious activity and adjust security configurations as needed.
- Perform regular security audits and vulnerability assessments to identify potential weaknesses.
- Keep Keycloak instances and dependencies up-to-date with the latest security patches.
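As an added example (not Keycloak's or Red Hat's own code), the following Python shows two of the compensating controls described above, applied to the weakness from the technical summary: a pre-filter that a reverse proxy or WAF layer could run on token-endpoint POSTs, rejecting a scope parameter that exceeds an assumed length before the request reaches Keycloak, and a detector over constructed access-log lines that counts oversized token-endpoint POSTs per source address as input for rate limiting or IP blocking. The endpoint path suffix is Keycloak's standard OIDC token path; the length thresholds, the log format and the IP addresses are assumptions.

```python
"""Added example, not Keycloak's or Red Hat's code.

Two defensive controls for CVE-2026-4634 (oversized scope parameter sent to
the OIDC token endpoint):
  1. check_token_request(): an edge pre-filter that rejects over-long bodies
     and scope values before Keycloak parses them.
  2. scan_access_log(): a detector that counts oversized token-endpoint POSTs
     per client address from access-log lines, to feed rate limiting/blocking.
Thresholds and the log format are assumptions for illustration.
"""
from collections import Counter
from dataclasses import dataclass
from urllib.parse import parse_qs

# Keycloak's OIDC token endpoint lives under /realms/<realm>/protocol/openid-connect/token
TOKEN_PATH_SUFFIX = "/protocol/openid-connect/token"
MAX_SCOPE_LEN = 512    # assumption: generous upper bound for legitimate scope strings
MAX_BODY_LEN = 8192    # assumption: token requests are small form bodies


@dataclass
class Decision:
    allowed: bool
    reason: str
    scope_len: int


def is_token_endpoint(path: str) -> bool:
    """True when the request path targets the OIDC token endpoint."""
    return path.split("?", 1)[0].rstrip("/").endswith(TOKEN_PATH_SUFFIX)


def check_token_request(method: str, path: str, body: str,
                        max_scope_len: int = MAX_SCOPE_LEN,
                        max_body_len: int = MAX_BODY_LEN) -> Decision:
    """Edge pre-filter for a form-encoded token request.

    Cheap length checks run first so an oversized body is refused without
    ever being parsed; only then is the scope parameter decoded and measured.
    """
    if method.upper() != "POST" or not is_token_endpoint(path):
        return Decision(True, "not a token endpoint POST", 0)
    if len(body) > max_body_len:
        return Decision(False, "body exceeds limit", 0)
    params = parse_qs(body, keep_blank_values=True)
    # A client may repeat scope=; join the values so the total length is bounded.
    scope = " ".join(params.get("scope", []))
    if len(scope) > max_scope_len:
        return Decision(False, "scope parameter exceeds limit", len(scope))
    return Decision(True, "ok", len(scope))


# Constructed access-log sample (assumed format):
# <timestamp> <client_ip> <method> <path> <status> <request_body_bytes>
SAMPLE_LOG = """\
2026-04-03T10:00:01Z 203.0.113.5 POST /realms/demo/protocol/openid-connect/token 400 9021
2026-04-03T10:00:01Z 203.0.113.5 POST /realms/demo/protocol/openid-connect/token 400 9021
2026-04-03T10:00:02Z 203.0.113.5 POST /realms/demo/protocol/openid-connect/token 400 9021
2026-04-03T10:00:02Z 198.51.100.7 POST /realms/demo/protocol/openid-connect/token 200 143
2026-04-03T10:00:03Z 198.51.100.7 GET /realms/demo/protocol/openid-connect/auth 302 0
"""


def scan_access_log(text: str, size_threshold: int = MAX_BODY_LEN,
                    min_hits: int = 3) -> dict:
    """Return {client_ip: count} for sources that sent at least min_hits
    token-endpoint POSTs whose request body met size_threshold.

    Proxies normally log body size but not body content; the size is a usable
    proxy here because an oversized scope parameter inflates the whole body.
    """
    hits = Counter()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines rather than failing the whole scan
        _ts, ip, method, path, _status, size = parts
        if method == "POST" and is_token_endpoint(path) and int(size) >= size_threshold:
            hits[ip] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    ok = check_token_request("POST", "/realms/demo/protocol/openid-connect/token",
                             "grant_type=client_credentials&scope=openid%20email")
    bad = check_token_request("POST", "/realms/demo/protocol/openid-connect/token",
                              "grant_type=client_credentials&scope=" + "a" * 600)
    print(ok, bad, scan_access_log(SAMPLE_LOG), sep="\n")
```

The pre-filter is meant to sit in front of Keycloak (reverse proxy, API gateway or WAF) rather than inside it, so the expensive processing the CVE describes never starts; the log scan gives a per-source count that a rate limiter or block list can act on, and on a real deployment the thresholds should be tuned against observed legitimate scope lengths and body sizes before enforcing.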
Evidence notes
The CVE-2026-4634 vulnerability was published on April 2, 2026, and last modified on June 30, 2026. The vulnerability affects the Keycloak instances identified by the CPE criteria in the CVE record. Vendor advisories and issue tracking information are available through Red Hat's security website and Bugzilla.
Official resources
- CVE-2026-4634 CVE record (CVE.org)
- CVE-2026-4634 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: Red Hat security advisory (Vendor Advisory)
- Mitigation or vendor reference: Red Hat Bugzilla (Issue Tracking, Vendor Advisory)
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.