CVE-2026-4634: Excessive Platform Resource Consumption within a Loop in Red Hat Red Hat build of Keycloak 26.2
A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to high resource consumption and prolonged processing times, ultimately resulting in a Denial of Service (DoS) for the Keycloak server.
AI Analysis
Technical Summary
The vulnerability CVE-2026-4634 affects Red Hat build of Keycloak 26.2 and involves excessive resource consumption triggered by an unauthenticated attacker sending a POST request with an overly long scope parameter to the OpenID Connect token endpoint. This leads to prolonged processing and denial of service on the server. The issue is classified as a high-severity denial of service vulnerability with a CVSS 3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Red Hat has released updated Keycloak packages (26.2.15) that include a fix for this vulnerability. The advisory recommends backing up existing installations before applying the update. There are no indications of active exploitation in the wild.
Potential Impact
An unauthenticated attacker can cause a denial of service on the Keycloak server by sending a specially crafted request that consumes excessive processing resources. This disrupts the availability of authentication services provided by Keycloak, potentially impacting dependent applications and services. There is no confidentiality or integrity impact reported for this vulnerability.
Mitigation Recommendations
Red Hat has released updated packages for Red Hat build of Keycloak version 26.2.15 that address CVE-2026-4634 along with other security issues. Users should back up their existing installations, including applications, configuration files, and databases, before applying the update. Applying the official update from Red Hat is the recommended remediation. No other mitigation or workaround is specified in the advisory. Patch status is confirmed as an official fix available via the Red Hat Customer Portal.
CVE-2026-4634: Excessive Platform Resource Consumption within a Loop in Red Hat Red Hat build of Keycloak 26.2
Description
A flaw was found in Keycloak. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with an excessively long scope parameter to the OpenID Connect (OIDC) token endpoint. This leads to high resource consumption and prolonged processing times, ultimately resulting in a Denial of Service (DoS) for the Keycloak server.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2026-4634 affects Red Hat build of Keycloak 26.2 and involves excessive resource consumption triggered by an unauthenticated attacker sending a POST request with an overly long scope parameter to the OpenID Connect token endpoint. This leads to prolonged processing and denial of service on the server. The issue is classified as a high-severity denial of service vulnerability with a CVSS 3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Red Hat has released updated Keycloak packages (26.2.15) that include a fix for this vulnerability. The advisory recommends backing up existing installations before applying the update. There are no indications of active exploitation in the wild.
Potential Impact
An unauthenticated attacker can cause a denial of service on the Keycloak server by sending a specially crafted request that consumes excessive processing resources. This disrupts the availability of authentication services provided by Keycloak, potentially impacting dependent applications and services. There is no confidentiality or integrity impact reported for this vulnerability.
Mitigation Recommendations
Red Hat has released updated packages for Red Hat build of Keycloak version 26.2.15 that address CVE-2026-4634 along with other security issues. Users should back up their existing installations, including applications, configuration files, and databases, before applying the update. Applying the official update from Red Hat is the recommended remediation. No other mitigation or workaround is specified in the advisory. Patch status is confirmed as an official fix available via the Red Hat Customer Portal.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- redhat
- Date Reserved
- 2026-03-23T08:41:40.650Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69ce6a44e6bfc5ba1dd993af
Added to database: 4/2/2026, 1:08:20 PM
Last enriched: 4/9/2026, 10:43:50 PM
Last updated: 5/20/2026, 8:04:44 AM
Views: 236
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.